Root Shell Sun Solaris Material

Solaris SA 1 & 2 - Training Material

SOLARIS - OPERATING ENVIRONMENT SYSTEM ADMINISTRATION – I & II

Training Material

Solaris Operating Environment System Administration I & II

Page 1 of 563


SOLARIS - OPERATING ENVIRONMENT SYSTEM ADMINISTRATION - I INDEX

Chap. No   Chapter Name
1          Introducing the Solaris Operating System
           Installing the Solaris Operating Environment on a Standalone System
2          Administration of Software Packages
           Managing Software Patches
3          Systems Security
4          The Boot PROM
5          Adding Users
6          Device Configuration
7          Disks, Slices, and Format
8          The Solaris Operating Environment UFS File System
9          Mounting File System
10         Directory Hierarchy
11         Maintaining File Systems
12         Scheduling Process Control
13         System Boot Process
14         Backup and Recovery


SOLARIS - OPERATING ENVIRONMENT SYSTEM ADMINISTRATION - II INDEX

Chap. No   Chapter Name
15         Introducing Disk Management
16         Introducing the Solaris Network Environment
17         Solaris Operating Environment syslog
18         Solaris Pseudo File Systems and Swap Space
19         NFS
20         AutoFS
21         Cache FS
22         Naming Services Overview
23         NIS
24         JumpStart™ - Automatic Installation


CHAPTER - 1

INTRODUCING THE SOLARIS OPERATING SYSTEM ENVIRONMENT SYSTEM ADMINISTRATION

Roles of the System Administrator

The system administrator is responsible for the smooth operation of day-to-day activities on each system. The scope and variety of tasks that a Solaris Operating Environment system administrator performs have been placed into the following two course categories:

• The first category encompasses all the major skills and activities required to administer a standalone system, which are covered in this course: SA-238 Solaris Operating Environment System Administration I
• The second category includes those skills and activities required to successfully administer a basic client/server configuration, which are covered in the course: SA-288 Solaris Operating Environment System Administration II


System Administration Terms

The following list defines some common system administration terms:

• Host - Another word for a computer system.
• Host Name - A unique name given to a computer system by the system administrator to distinguish it from other hosts on the network. The command uname -n displays the assigned host name.
• Internet (IP) address - A number that represents the host address and the network address, for example: 192.134.117.25. A host's IP address identifies where a host is on the Internet, which allows network traffic to be directed to that host. This software address is placed in the /etc/inet/hosts file.
• Ethernet address - A host's unique hardware address, displayed as 12 hexadecimal digits, for example: 08:00:20:1c:54:7e. This address is stored in the NVRAM (nonvolatile random access memory) chip.
• Server - A host that provides one or more services to hosts on a network.
• Client - A host that uses services, provided by the

Note - Servers and clients are two types of hosts in a distributed computing environment.


INSTALLING THE SOLARIS OPERATING ENVIRONMENT ON A STANDALONE SYSTEM

Objectives

Upon completion of this module, you should be able to:

• State the different installation methods available for the Solaris Operating Environment software
• Explain the hardware requirements for a Solaris Operating Environment installation
• Identify the different Solaris Operating Environment software CD-ROM editions
• List the five Solaris Software Groups
• Demonstrate how to install the Solaris Operating Environment software on a networked, standalone system, using Solaris™ Web Start


The Solaris Operating Environment Software Installation Options

You can install the Solaris software on a system using one of the following installation options:

• Solaris Web Start 3.0 Installation - Provides a graphical user interface-based, Java technology-powered software application that guides you through the installation of the Solaris Operating Environment and other software on a single system from a local or remote CD-ROM drive.
• Solaris Interactive Installation Program - Provides a graphical user interface that guides you step-by-step through installing the Solaris Operating Environment software. This installation program does not enable you to install all the additional software, as Solaris Web Start does; it installs only the Solaris Operating Environment software.
• Solaris Installation Over the Network - Provides the capability to install the Solaris Operating Environment software on a large number of systems that do not have a local CD-ROM drive. This eliminates the need to insert the Solaris Operating Environment software CD-ROM on every system. You can install these systems from the remote Solaris Operating Environment software CD images, which have been copied to an install server system's hard drive.
• Solaris JumpStart Installation - Provides the capability to automatically install the Solaris Operating Environment software on a new system only, by inserting the CD labeled Solaris Software 1 of 2 SPARC Platform Edition or Intel Platform Edition into the CD-ROM drive and turning on the system. The software components installed are specified by a default profile that is selected based on the model and disk size of the system.




• Solaris Custom JumpStart Installation - A type of installation in which the Solaris Operating Environment software is automatically installed on a system based on a user-defined profile. You can customize profiles for different types of users and systems, and this is the most cost-effective option for installing the Solaris Operating Environment software in a large enterprise. It provides hands-off installation across the network based on a centrally configured server.

Note - This module describes how to install the Solaris Operating Environment software on a single system with Solaris Web Start, Sun's graphical wizard, Java technology-powered software installation application.


Hardware Requirements of a Solaris Operating Environment Installation

A desktop Solaris Operating Environment installation requires:

• A SPARC-based or an Intel-based system
• 64 Mbytes of memory
• 2.3 Gbytes of disk space
• Access to a CD-ROM drive


The Solaris Operating Environment Installation CD-ROM

The content of each CD-ROM in the Solaris Operating Environment media kit is as follows:

The Solaris Operating Environment SPARC Platform Edition CD-ROM

• Solaris Installation English SPARC Platform Edition
• Solaris Software CD 1 of 2 SPARC Platform Edition
• Solaris Software CD 2 of 2 SPARC Platform Edition
• Solaris Documentation CD (English SPARC/Intel Platform Edition)

International Versions of the Solaris Operating Environment

International versions of Solaris contain:

• Solaris Installation Multilingual CD SPARC Platform Edition
• Solaris Software CD 1 of 2 SPARC Platform Edition
• Solaris Software CD 2 of 2 SPARC Platform Edition
• Solaris Languages CD - SPARC Platform Edition or Intel Platform Edition

International versions also include a two CD-ROM set labeled:

• Solaris Documentation European SPARC/Intel Platform Edition, which contains English, French, German, Italian, Spanish, and Swedish documentation.
• Solaris Documentation Asian SPARC/Intel Platform Edition, which contains Simplified and Traditional Chinese, Japanese, and Korean documentation.


Intel Versions of the Solaris Operating Environment

An equivalent CD-ROM set is included with the Solaris Intel Platform Edition, plus a diskette labeled Solaris Device Configuration Assistant Intel Platform Edition.

Choosing the Correct CD for Your Installation Requirements

The following describes which CD-ROM is required when installing Solaris using the different installation methods:

• Solaris Web Start uses the following CD-ROM set:
  - Solaris Installation
  - Solaris Software 1 of 2
  - Solaris Software 2 of 2

All the other installation methods described earlier use the Solaris Software 1 of 2 and Solaris Software 2 of 2 CD-ROM set.


The Solaris Operating Environment Software Arrangement

The Solaris Operating Environment software delivered on the Solaris Software CD-ROM set 1 of 2 and 2 of 2 is organized into three types of components:

• Software Packages
• Software Clusters
• Cluster Configurations

[Figure 14-1: Solaris Operating Environment Software Components (Cluster Configuration, Software Cluster, Software Packages)]

Software Packages

A software package contains a group of files and directories in a category of related software (for example, system or application) and software installation scripts.


Software Clusters

During the software installation process, logical collections of software packages are grouped into software clusters. For example, the CDE software cluster includes the following packages:

    SUNWdtbas  SUNWdtbas  SUNWdtdem  SUNWdtdm   SUNWdtdst  SUNWdthe
    SUNWdthed  SUNWdthev  SUNWdticn  SUNWdtim   SUNWdtinc  SUNWdtma
    SUNWdtmad  SUNWdtrme  SUNWdtwn   SUNWeudba  SUNWudbd   SUNWeudda
    SUNWeudhr  SUNWeudhs  SUNWeudis  SUNWeudlg  SUNWmfman

Some software clusters can contain only one software package.

Cluster Configuration

The cluster configurations are referred to during the installation process as the Solaris Software Groups. There are currently five software groups available, which include:

• Entire Solaris Software Group Plus OEM - SUNWCXall
• Entire Solaris Software Group - SUNWCall
• Developer Solaris Software Group - SUNWCprog
• End User Solaris Software Group - SUNWCusr
• Core Solaris Software Group - SUNWCreq


The Solaris Operating Environment Software Groups

[Figure 14-2: Solaris Operating Environment Software Groups]

Core

Core is a software group that contains the minimum software required to boot and run the Solaris Operating Environment on a system. It includes some networking software and the drivers required to run the Common Desktop Environment (CDE) or Open Windows desktop. It does not include the CDE or Open Windows software.

End User System Support

The End User System Support is a software group that contains the Core software group plus the recommended software for an end user, including Open Windows or CDE and DeskSet software.

Note - Approximate disk space requirement for End User is 1.6 Gbytes.


Developer System Support

The Developer System Support is a software group that contains the End User System Support software group plus the libraries, include files, man pages, and programming tools for developing software.

Note - Approximate disk space requirement for Developer is 1.9 Gbytes.

Entire Distribution

The Entire Distribution is a software group that contains the entire Solaris Operating Environment software release.

Note - Approximate disk space requirement for Entire Distribution is 2.3 Gbytes.

Entire Distribution Plus OEM Support

The Entire Distribution plus OEM Support is a software group that contains the entire Solaris Operating Environment software release, plus additional hardware support for Original Equipment Manufacturers (OEMs). This software group is recommended when installing the Solaris Operating Environment software on SPARC-based servers.

Note - Approximate disk space requirement for Entire Distribution plus OEM is 2.4 Gbytes.


Planning an Installation on a Standalone System

The following installation procedures describe how to run Solaris Web Start to install the Solaris Operating Environment software on a networked, standalone system from a local CD-ROM drive.

You can run Solaris Web Start in either of two ways:

• Graphical User Interface (GUI) - This requires a local or remote CD-ROM drive or network connection, frame buffer, keyboard, and monitor.
• Command Line Interface (CLI) - This requires a local or remote CD-ROM drive or network connection, keyboard, and monitor.

If Solaris Web Start detects a frame buffer for the system, it uses the GUI; if it does not, it uses the CLI. The content and sequence of instructions in both are generally the same.

Note - You can select the Solaris Web Start's upgrade option during installation if the system is currently running Solaris Operating Environment software. However, if the system is currently running the Solaris 2.5.1 or Solaris 2.6 Operating Environments, you must run an Interactive Installation to perform a Solaris Operating Environment upgrade.


Pre-Installation Information

Before installing the Solaris Operating Environment software on a networked standalone system, you must provide the following information:

• Host name - A unique, commonly short name for the system. You can use the uname -n command to determine the host name on an existing system.
• Host IP address - A software address representing the host address and network address.
• Name service type - Determine if the networked system is to be included in one of the following types of name service domains: NIS, NIS+, other, or none.
• Subnet mask - Determine if the networked system is to be included in a particular subnet. The subnet mask is stored in the /etc/netmasks file.

  Note - A subnet is used to partition network traffic. Segmenting network traffic over many different subnets increases bandwidth to each host.

• Geographic location and time zone - A specific region where the system physically resides.
• Root password - A password assigned to root to gain access and root privileges on the system.
• Language - Determine the language to be used to install the Solaris Operating Environment. Use the CD labeled:
  * Solaris Installation English SPARC Platform Edition - All prompts, messages, and other installation information are displayed in English only.


  * Solaris Installation Multilingual SPARC Platform Edition - Select a language in which to display prompts, messages, and other installation information:
    • Simplified Chinese
    • Traditional Chinese
    • English
    • French
    • German
    • Italian
    • Japanese
    • Korean
    • Spanish
    • Swedish

The last step in the pre-installation process is to make sure the following Solaris CD-ROM set is available:

• Solaris Installation English SPARC Platform Edition or Solaris Installation Multilingual SPARC Platform Edition.
• Solaris Software 1 of 2 SPARC Platform Edition and Solaris Software 2 of 2 SPARC Platform Edition.
• Solaris Languages SPARC Platform Edition (if using the Multilingual CD).

Note - Before a software installation, always back up any modifications or data that exist in the previous version of the Solaris Operating Environment, and restore them after the installation is complete.


CHAPTER - 2

ADMINISTRATION OF SOFTWARE PACKAGES

Objectives

Upon completion of this module, you should be able to:

• Describe a software package
• View software package information, using the pkginfo command
• Add a software package from the Solaris Software CD-ROM using the pkgadd command
• Verify the attributes and content of a software package using the pkgchk command
• Remove a software package installed on the disk using the pkgrm command
• View, add, and remove software packages using the admintool
• Add and remove a software package from a spool directory using the pkgadd and pkgrm


Software Packages

Software administration involves adding and removing software from systems. Sun and its third-party vendors deliver products in a form called a software package. The term package refers to the method for distributing and installing software products to systems where the products will be used. In its simplest form, a package is a collection of files and directories.

Note - All the required software packages are installed automatically during the Solaris Software installation process.

Software packages contain:

• Files that describe the package and the amount of disk space required.
• The actual software files to be installed on the system.
• Scripts that are run when the package is added and removed.

The tools for viewing, adding and removing software from a workstation after the Solaris software is installed on a system include:

• Package administration commands - pkgadd, pkgrm, pkginfo, and pkgchk
• The admintool utility - A graphical front-end to the pkgadd and pkgrm commands


The pkginfo Command

You use the pkginfo command to display information about the software packages that have been installed on the local system's disk.

Command Format

    pkginfo [ -d [ device | pathname ] ] [ -l ] pkg_name

For example:

    # pkginfo | more
    <some output omitted>
    application SUNWAxg     Solaris XGL 3.3 AnswerBook
    application SUNWaadm    Solaris System Administrator Collection
    system      SUNWab2m    Solaris Documentation Server Lookup
    system      SUNWab2r    Solaris Documentation Server
    system      SUNWab2s    Solaris Documentation Server
    system      SUNWab2u    Solaris Documentation Server
    application SUNWabda    Sun Ultra 5/10 Hardware AnswerBook
    application SUNWabe     Solaris User Collection
    application SUNWabsdk   Solaris Software Developer Collection

The columns of information that are displayed are described below.

CATEGORY   Is the package category, such as application, system, ALE, or CTL.
PKGINST    Is the software package name; if it begins with SUNW, it is a Sun Microsystems product; otherwise, it represents a third-party package.
NAME       Is a brief description of the software product.

Displaying Detailed Information for All Packages

To view all the available information about the software packages, use the pkginfo command with the -l option:

    # pkginfo -l | more


Displaying Detailed Information for a Specific Package

To view information for a specific software package, specify its name on the command line, for example:

    # pkginfo -l SUNWman
    PKGINST:     SUNWman
    NAME:        On-line Manual Pages
    CATEGORY:    system
    ARCH:        sparc
    VERSION:     41.0,REV=31
    BASEDIR:     /usr
    VENDOR:      Sun Microsystems, Inc.
    DESC:        System Reference Manual Pages
    PSTAMP:      tinkertoymOS133331
    INSTRELEASE: May 19 2000 16:50
    HOTLINE:     Please contact your local service provider
    STATUS:      completely installed
    FILES:       6420 installed pathnames
                 3 shared pathnames
                 74 directories
                 73925 blocks used (approx)

The last line, 73925 blocks used (approx), identifies the size of the package. A block is a 512-byte disk block. The blocks used number defines how much space is needed on the disk to install this package.

To determine how many packages are currently installed on disk, use the following command:

    # pkginfo | wc -l

Displaying Information for Software Packages on CD-ROM

By default, the pkginfo command is used to access information about packages that have been installed on disk.


Displaying Detailed Information for All Packages on CD-ROM

To display information about software packages that reside on the Solaris Software CD-ROM (or other release media), use the pkginfo command with the -d option. This option defines the device on which the software packages reside.

# pkginfo -d /cdrom/ 0/s0/Solaris_x/Product | more

Displaying Detailed Information for Selected Package on CD-ROM

    # pkginfo -d /cdrom/cdrom0/s0/Solaris_10/Product -l SUNWaudio
    PKGINST:   SUNWaudio
    NAME:      Audio applications
    CATEGORY:  system
    ARCH:      sparc
    VERSION:   3.6.20.REV=1.1999.12.03
    BASEDIR:   /
    VENDOR:    Sun Microsystems, Inc.
    DESC:      Audio binaries
    PSTAMP:    dtbuild38sl9991204142646
    INSTDATE:  May 19 2000 16:35
    HOTLINE:   Please contact your local service provider.
    STATUS:    spooled
    FILES:     5 spooled pathnames
               2 directories
               3 executables
               4 package information files
               681 blocks used (approx)


The pkgrm Command

When a software package is removed from the system, the pkgrm command deletes all files associated with that package unless those files are also shared with other packages. The command asks for confirmation to continue and might warn about possible package dependencies. If package dependencies do exist, it will again ask for confirmation to continue with the package removal process.

Command Format

    pkgrm pkg_name

For example:

    # pkgrm SUNWaudio

    The following package is currently installed:
       SUNWaudio       Audio applications
                       (sparc) 3.6.4,REV=1.98.12.03

    Do you want to remove this package? y

    ## Removing installed package instance <SUNWaudio>
    ## Verifying package dependencies.
    WARNING:
        The <SUNWolrte> package depends on the package
        currently being removed.
    WARNING:
        The <SUNWolaud> package depends on the package
        currently being removed.
    WARNING:
        The <SUNWoldcv> package depends on the package
        currently being removed.
    WARNING:
        The <SUNWxwkey> package depends on the package
        currently being removed.
    Dependency checking failed.

    Do you want to continue with the removal of this package [y,n,?,q] y


Note - The message filename <shared pathname not removed> is displayed if a file is shared by two or more packages. It is removed only when the last package it is shared with is removed.


The pkgadd Command

When a software package is added, the pkgadd command uncompresses and copies files from the installation media to the local system's disk. This command will ask for confirmation to continue with the package add process.

Command Format

    pkgadd [ -d [ device | pathname ] ] pkg_name

For example:

    # pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product SUNWaudio

    Processing package instance <SUNWaudio> from

    Audio applications
    (sparc) 3.6.4,REV=1.98.12.03
    Copyright 1999 Sun Microsystems, Inc. All rights reserved.
    Using as the package base directory.
    ## Processing package information.
    ## Processing system information.
       2 package pathnames are already properly installed
    ## Verifying package dependencies.
    ## Verifying disk space requirements.
    ## Checking for conflicts with packages already installed.
    ## Checking for setuid/setgid programs.

    This package contains scripts which will be executed with super-user
    permission during the process of installing these packages.

    Do you want to continue with the installation of <SUNWaudio> [y,n,?] y

    Installing Audio applications as <SUNWaudio>

    ## Installing part 1 of 1.


    Installation of <SUNWaudio> was successful.


The pkgchk Command

The pkgchk command checks the installation completeness, path name, file contents, and file attributes of a package.

Command Format

    pkgchk [ options ] [ -p path ... ] [ pkg_name ]

The following example checks the contents and attributes of a software package currently installed on the system.

    # pkgchk SUNWaudio

Note - If the pkgchk command does not display a message, it indicates that the package was installed successfully.

To list the files contained in a software package, type:

    # pkgchk -v SUNWaudio

To check any file to determine if its content and attributes have changed since it was installed with its software package, type:

    # pkgchk -p /etc/passwd
    ERROR: /etc/passwd
        File size <414> expected <3391> actual
        File cksum <3439> expected <17254> actual

The original /etc/passwd file has changed in size since the initial Solaris Operating Environment software installation. This is indicated by the differences in file size and checksum. The checksum is used to validate transported data.


The /var/sadm/install/contents File

The /var/sadm/install/contents file is a complete record of all the software packages installed on the local system disk. It references every file belonging to every software package, and the configuration of products installed can be viewed.

    # more /var/sadm/install/contents

The pkgadd command updates the contents file whenever new packages are installed. The pkgrm command uses the contents file to determine where files for a software package are located on the system. Once a package is removed, pkgrm updates the contents file. This file can be queried to determine if a particular file has been installed on the system disk:


Identifying the Directory Location of a Command

Use the grep command to search the /var/sadm/install/contents file to determine if a particular file was installed, and the directory where it is located. For example, verify that the command showrev is installed on the system disk.

    # grep showrev /var/sadm/install/contents
    /usr/bin/showrev f none 0755 root sys 30116 42078 943863705 SUNWadmc
    /usr/share/man/sman1m/showrev.1m f none 0444 bin bin 6398 62569 943312114 SUNWman

Search the Solaris Operating Environment CD-ROM for Command Information

Use the grep command to search for the showrev command on the distribution media. Instead of searching the contents file on the system disk, in this example the information for the showrev command is contained in the pkgmap file. Every software package contained on the distribution media has its own pkgmap, which contains a content list of each package.

    # grep showrev /cdrom/cdrom0/s0/Solaris_10/Product/*/pkgmap
    /cdrom/sol_10_sparc/s0/Solaris_10/Product/SUNWadmc/pkgmap:1 f none usr/bin/showrev 0755 root sys 31276 44676 938676470
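
The size and checksum comparison that pkgchk -p reports for /etc/passwd can be reproduced from a record in the contents-file format shown by the grep showrev output. This is an added example, not part of the training material: the function names, the scratch directory and the sample records are constructed, and it assumes the cksum field is the 16-bit System V sum(1) checksum.

```shell
#!/bin/sh
# Added example, not from the training material.
# Compares a file on disk with its record in a contents-format file and
# prints pkgchk-style size/cksum mismatches.
# Assumed record layout (taken from the showrev line in the text):
#   path ftype class mode owner group size cksum modtime pkg...
# Assumption: cksum is the 16-bit System V sum(1) checksum.

# sysv_sum FILE -> prints the checksum of FILE
sysv_sum() {
    od -An -v -tu1 "$1" | awk '
        { for (i = 1; i <= NF; i++) s += $i }     # add up every byte value
        END {
            s = s % 4294967296                    # 32-bit accumulator
            r = (s % 65536) + int(s / 65536)      # fold the high half in
            print (r % 65536) + int(r / 65536)    # fold the carry once more
        }'
}

# check_entry CONTENTS PATHNAME [ROOT]
# ROOT is an optional prefix so a mounted or copied file tree can be checked.
# Returns 0 on match, 1 on mismatch or missing file, 2 if PATHNAME has no record.
check_entry() {
    ce_contents=$1 ce_target=$2 ce_root=${3:-}
    # Exact match on the path field; a plain grep would also hit substrings.
    # ftype f = regular file, e = editable file, v = volatile file.
    ce_rec=$(awk -v p="$ce_target" \
        '$1 == p && $2 ~ /^[fev]$/ { print $7, $8, $2; exit }' "$ce_contents")
    if [ -z "$ce_rec" ]; then
        echo "ERROR: $ce_target: no file record in $ce_contents"
        return 2
    fi
    read -r ce_size ce_sum ce_ftype <<EOF
$ce_rec
EOF
    if [ ! -f "$ce_root$ce_target" ]; then
        echo "ERROR: $ce_target: pathname does not exist"
        return 1
    fi
    ce_have_size=$(wc -c < "$ce_root$ce_target" | tr -d ' ')
    ce_have_sum=$(sysv_sum "$ce_root$ce_target")
    ce_status=0
    if [ "$ce_have_size" != "$ce_size" ]; then
        echo "ERROR: $ce_target (ftype $ce_ftype): File size <$ce_size> expected <$ce_have_size> actual"
        ce_status=1
    fi
    if [ "$ce_have_sum" != "$ce_sum" ]; then
        echo "ERROR: $ce_target (ftype $ce_ftype): File cksum <$ce_sum> expected <$ce_have_sum> actual"
        ce_status=1
    fi
    return $ce_status
}

# Constructed demonstration: a scratch root holding one unchanged file and
# one file edited after "installation". Sizes and checksums are made up,
# except 414/3439, which are the expected values quoted in the text.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/bin" "$tmp/etc"
    printf 'abc\n' > "$tmp/usr/bin/showrev"     # 4 bytes, 97+98+99+10 = 304
    printf 'root:x:0:1:Super-User:/:/sbin/sh\n' > "$tmp/etc/passwd"
    cat > "$tmp/contents" <<EOF
/usr/bin/showrev f none 0755 root sys 4 304 943863705 SUNWadmc
/etc/passwd e passwd 0644 root sys 414 3439 943863705 SUNWcsr
EOF
    check_entry "$tmp/contents" /usr/bin/showrev "$tmp" && echo "/usr/bin/showrev: OK"
    check_entry "$tmp/contents" /etc/passwd "$tmp" || echo "/etc/passwd: changed since install"
    rm -rf "$tmp"
}
demo
```

A mismatch on an ftype e or v record such as /etc/passwd is normal after routine administration; a mismatch on an ftype f record such as a binary under /usr/bin is the one to investigate.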


Using a Spool Directory

For convenience, frequently installed software packages can be copied from the Solaris Software CD-ROM to a spool directory on the system. The pkgadd command, by default, looks in the /var/spool/pkg directory for any packages specified on the command line. Copying packages from the CD-ROM into a spool directory is not the same as installing the packages on disk.

To copy a package into the /var/spool/pkg directory:

    # pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product -s spool SUNWaudio
    Transferring <SUNWaudio> package instance

The -s option with the keyword spool copies the package into the /var/spool/pkg directory by default.

Spooling Packages

You can specify a different directory location using the -s option. In this example, a new directory is created, and then pkgadd is instructed to copy the package into the new spool directory.

    # mkdir /export/pkgs
    # pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product -s /export/pkgs SUNWaudio
    Transferring <SUNWaudio> package instance
    # ls /export/pkgs
    SUNWaudio

Removing Packages from the Spool Directory

You remove software packages from a spool directory using the pkgrm command with the -s option.

    # pkgrm -s spool SUNWaudio
    # pkgrm -s /export/pkgs SUNWaudio


Package Administration Summary

The following section summarizes the tasks involved in package administration.

Package Command Summary

Table 15-1 summarizes the commands used for package administration.

Table 15-1 Package Administration

Command Name   Description
pkginfo        Lists packages installed on the system or available on distribution media.
pkgadd         Installs packages.
pkgrm          Removes packages.
pkgchk         Verifies the attributes and contents of the path names belonging to packages.

Package Administration File and Directory Summary

Table 15-2 describes a list of the files and directories used with package administration.

Table 15-2 Files and Directories

File or Directory                       Description
/var/sadm/install/contents              Software package map of the entire system.
/opt/pkgname                            Preferred location for the installation of unbundled packages.
/opt/pkgname/bin or /opt/bin            Preferred location for the executable files of unbundled packages.
/var/opt/pkgname or /etc/opt/pkgname    Preferred location for log files of unbundled packages.


MANAGING SOFTWARE PATCHES

Objectives

Upon completion of this module, you should be able to:

• List the locations to access patches
• Explain how to access patches from the World Wide Web and anonymous ftp
• Describe the different patch formats
• Prepare a patch for installation
• Install a patch using the patchadd command
• Demonstrate how to verify what patches are currently installed
• Remove a patch using the patchrm command


Patch Administration

The administration of patches involves installing or removing Solaris Operating Environment patches from a running Solaris Operating Environment.

A patch contains a collection of files and directories that replace existing files and directories that are preventing proper execution of the software. Some patches contain product enhancements.

A patch is distributed as a directory that is identified by a unique number. The number assigned to a patch consists of the patch base code, a hyphen, and the patch revision number. For example, a patch directory named 101945-02 indicates that 101945 is the base code and 02 is the revision number.


Patch Distribution

Sun customers have access to a general set of security patches and other recommended patches through the World Wide Web or anonymous ftp. Sun customers who have a Sun Services(SM) contract have access to the SunSolve database of patches and patch information, such as technical white papers, the Symptom and Resolution database, and more. These are available using the World Wide Web or anonymous ftp. A SunService customer can request to receive the Patch Update CD-ROMs, which are released every six to eight weeks.


World Wide Web Patch Access

To access patches on the World Wide Web site, the workstation has to be:

• Able to access the Internet
• Capable of running Web browsing software, such as Netscape

To access patches using the World Wide Web, use the following URLs:

http://sunsolve.sun.com - United States
http://sunsolve.sun.com.au - Australia
http://sunsolve.sun.fr - France
http://sunsolve.sun.de - Germany
http://sunsolve.sun.co.jp - Japan
http://sunsolve.sun.se - Sweden
http://sunsolve.sun.ch - Switzerland
http://sunsolve.sun.co.uk - United Kingdom

Or use the following URL, and navigate to the SunSolve patch database from the Support entry.

http://www.sun.com

From the Sun Microsystems home page, click on the Sales and Service button and navigate to the SunSolve patch database. The patch databases for publicly available patches are labeled "Public patch access." The patch database for the comprehensive set of patches and patch information available to contract customers is labeled "Contract customer patch access." The customer's assigned Sun Service password is required to access this database.


An Additional URL for Patch Access

The University of North Carolina maintains a public patch site as a cooperative venture between Sun Microsystems, Inc. and the university. Publicly available patches can be accessed by using the URL:

http://metalab.unc.edu/pub/sun-info/sun-patches/


Anonymous ftp Patch Access

To access patches using anonymous ftp, the workstation must be:

• Able to access the Internet
• Capable of running the ftp program

To access patches using ftp, use the ftp command to connect to:

sunsolve.sun.com

When ftp prompts for a login, enter anonymous as the login name. When prompted for the password, enter your complete email address.

After the connection is complete, the publicly available patches are located in the /pub/patches directory.

An Additional ftp Site for Patch Access

Publicly available patches can also be accessed by connecting to:

http://metalab.unc.edu/pub/sun-info/sun-patches/

This site is also maintained by the University of North Carolina.

The ftp Patch Access Procedure

The ftp utility has many commands; however, only a few are necessary for moving files from system to system. You can locate and copy patches to the local system with a few basic ftp commands. The following example shows the procedure for changing to the /tmp directory on the local system, connecting to the remote ftp site, locating a patch and its README file in the /pub/patches directory, and transferring (copying) both files to the local system's directory.

Note - To transfer patches, change the ftp transfer mode to binary by typing bin at the ftp prompt.


For example:

# cd /tmp
# ftp sunsolve.sun.com
Name (sunsolve.sun.com:root): anonymous
331-
331-Welcome to the SunSolve Online FTP server.
331-
331-Public users may log in as anonymous.
331-
331-Contract customers should use the following 2-tier login procedure:
331-
331-At the first login prompt: sunsolve
331-passwd: sunmicro
331-
331-At the second login prompt: <sunsolve login name>/<sunsolve passwd>
331-example: myssID/mypasswd
331-
331-Public users may log in as anonymous; contract customers
331-should use the standard sunsolve login and password,
331-followed by their sunsolve account/password when prompted.
331-
331-sunsolve6 FTP server (Version wu-2.6.0(3) Wed Jan 5 15:02:27 MST 2000) ready.
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> bin
200 Type set to I.
ftp> cd /pub/patches
ftp> ls 108277*
108277-01.zip
108277.readme
ftp> mget 108277*
mget 108277-01.zip? y
mget 108277.readme? y
ftp> cd .
ftp> ls
ftp> bye
# cd /tmp ; ls
108277-01.zip 108277.readme


Downloading Patches

When patches are downloaded to the local system, the patches must be placed in a temporary directory to prepare them for installation. The directory most often used is the /var/tmp directory. The most common reason for patch installation failure is directory permission/ownership problems. The /var/tmp directory is open to all and eliminates any of these types of problems.


Patch Informational Documents

There are important summary documents that list all recommended patches for every version of the operating system, including a detailed list of all patches for each operating system release.

Table 16-1 Patch Documents

Patch Document - Contents
Solaris10.PatchReport - A summary of all recommended patches for the Solaris Operating Environment release.
10_Recommended.zip - A patch cluster containing all the recommended patches for the Solaris Operating Environment release.
8_Recommended.README - Instructions for how to install the recommended patches for the Solaris Operating Environment.

Start with the Patch Report document first. This report is divided into several different categories regarding information about all patches for a Solaris OS Release.

Listing Patch Documents Using ftp

The following example demonstrates how to use ftp to locate the Patch Report using a wildcard file search. Once found, the document is copied to a directory on the local system. For example:

# cd /var/tmp
# ftp sunsolve.sun.com
ftp> cd /pub/patches
ftp> ls *8.PatchReport
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
Solaris10.PatchReport
Solaris10_x86.PatchReport
226 Transfer complete.
remote: *10*PatchReport
48 bytes received in 0.00035 seconds (1.4e+02 Kbytes/s)
ftp> get Solaris10.PatchReport
ftp> bye


The Solaris8.PatchReport can then be read to determine what patch number(s) may need to be retrieved for installation on the system.

Title: Solaris Patch Report Update as of 17/Apr/00
=============================================================
Report Notes Section:
This report is generated to provide a summary list of patches released and available from Sun Microsystems for the listed product. There are updates of this report twice each month.
...
=============================================================
Quick Reference Section:
=============================================================
New Patches Released Since Last Report:
----------------------------------------------------
This is the first Report.

Update Revs Released Since Last Report:
----------------------------------------------------
This is the first Report.

Solaris Recommended Patches:
----------------------------------------------------
(No Official Recommended List At This Time)

Solaris Patches Containing Security Fixes:
----------------------------------------------------
Solaris Patches Containing y; 00:
----------------------------------------------------
Solaris Obsolete Patches:
----------------------------------------------------
Solaris Complete Listing of Released Patches:
Total Patches: 30 Total Bug fixes: 59

SunOS Released Patch List:
=============================================================
Patch-ID# 108504-03
Synopsis: SunOS 5.8: Elite3D AFB Graphics Patch
BugId's fixed with this patch: 4234045 4294963 4300089 4303885 4308125
Changes incorporated in this version: 4303865 4308725
Date: Mar/16/00

Patch-ID# 108605-03
Synopsis: SunOS 5.8: Creator 8 FFB Graphics Patch
BugId's fixed with this patch: 4234015 4294953 4303885 4308725
Changes incorporated in this version: 4303685 4308725
Date: Mar/16/00

Patch-ID# 103609-01
Synopsis: SunOS 5.8: Buttons/Dials Patch
BugId's fixed with this patch: 4299526
…

Figure 16-2 Sample Solaris 8 Patch Report

Note - Not all patches available from Sun Microsystems need to be installed. It is only necessary to install the Recommended Patches, Security Patches, and those required to fix problems specific to your site.

The /var/sadm/patch Directory

Historical information about all patches currently installed on a system is stored in the /var/sadm/patch directory. For example:

# ls /var/sadm/patch
107558-05  107630-01  107663-01  107683-01
107594-04  107582-01  107612-06  107640-03
107696-01
107817-01

You should never modify or delete this directory. If you damage this directory, you can make it impossible to add or remove patches, add new software, or upgrade the Solaris Operating Environment without having to first reload the entire system software.


Patch Formats

Patches come in three different formats depending on the Solaris version and where the patch was retrieved. For example:

• The Solaris and Solaris 9 Operating Environment patches are in zip format, for example: 105050-01.zip.

Note - Some patches that fix applications on the Solaris Operating Environment can be in the tar.Z format.

• The Solaris 2.6 (and earlier) Operating Environment patches are compressed tar files in a tar.Z format, for example: 104040-01.tar.Z.

• The Solaris 2.6 (and earlier) Patch Update CD-ROM contains patches that are gzip compressed tar files, for example: 112340-01.tar.gz.

Preparing Patches for Installation

For the Solaris 5.x and Solaris 9 Operating Environments, use the unzip command to extract the patch files.

# /usr/bin/unzip 105050-01.zip

For Solaris 2.6 Operating Environment patches, use the zcat command to uncompress the patch files and the tar command to create the patch directories.

# /usr/bin/zcat 104040-01.tar.Z | tar xvf -

For the Solaris 2.6 Operating Environment patches retrieved from the Patch Update CD-ROM, use the gzcat command to uncompress and create patch directories.


The patchadd and patchrm Commands

You have two commands available for managing patches:

• patchadd - Used to install unpacked patches to the Solaris Operating Environment.
• patchrm - Used to remove patches installed on the Solaris Operating Environment.


Installing a Patch

When a patch is installed, patchadd calls the pkgadd command to install the patch packages. The patch installation procedure differs depending on the current version of the Solaris Operating Environment software installed on the system. The examples below describe the procedure for patch installation on a pre-Solaris 2.6 Operating Environment, and on those systems currently installed with Solaris 2.6 and above (for example, the Solaris 5.x or Solaris 9 Operating Environments). Both examples assume the patch to be installed exists in the /var/tmp directory and has been prepared, or extracted, for installation.

Installing a Patch in the Solaris 2.6 Operating Environment and Later Versions

For the Solaris 2.6 and above Operating Environments, use the patchadd command. The following shows how to install a patch using the patchadd command.

# cd /tmp
# patchadd 105050-01
Checking installed patches...
Verifying sufficient file system capacity (dry run method)
Installing patch packages...
Patch number 105050-01 has been successfully installed.
See /var/sadm/patch/105050-01/log for details.
Patch packages installed:
SUNWhea


Figure 16-4 illustrates those components of the /var/sadm directory that are updated during the installation of patch 105050-01.

Figure 16-4 Updated /var/sadm directories (directory tree diagram with the nodes var, sadm, pkg, patch, 105050-01, SUNWcsu, SUNWhea, README.105050-01, pkginfo, log, save, and undo.Z; the pkginfo and save entries are marked "Updated by patch")

Installing a Patch in a Pre-Solaris 2.6 Operating Environment

Before the Solaris 2.6 Operating Environment, the patchadd command was not available in the Solaris Operating Environment. Instead, each patch contained an installpatch program. The following shows the steps needed to install a patch on a system.

# cd /tmp/102301-01
# ls
Install.info      SUNWcsu    backoutpatch
README.102301-01  SUNWscpu   installpatch
# ./installpatch
Checking installed packages and patches...
Generating list of files to be patched...
Verifying sufficient file system capacity (exhaustive method)...
Installing patch packages...
Patch number 102301-01 has been successfully installed.
See /var/sadm/patch/102301-01/log for details
Patch packages installed:
SUNWcsu
SUNWscpu

Caution - Both patchadd and installpatch have a -d option available that instructs the commands not to save copies of the files being updated or replaced in the /var/sadm/patch directory. This is often used to save disk space over time. However, it also makes it impossible to back out or remove the patch from the system.


Removing a Patch

When you remove a patch, the patchrm command restores all files that were modified or replaced by that patch, unless:

• The patch was installed with patchadd -d (which instructs patchadd not to save copies of files being updated or replaced).
• The patch is required by another patch.
• The patch has been obsoleted by a later patch.

The patchrm command calls pkgadd to restore packages that were saved from the initial patch installation.

Removing a Patch from the Solaris 2.6 and Later Operating Environments

For the Solaris 2.6 and above Operating Environments, use the patchrm command. The following shows how to remove a patch using the patchrm command.

# patchrm 106793-01
Checking installed packages and patches...
Backing out patch 106793-01...
Patch 106793-01 has been backed out.

Removing a Patch from the Pre-Solaris 2.6 Operating Environments

Before the Solaris 2.6 Operating Environment, the patchrm command was not available. Instead, each patch contained a backoutpatch program.

# cd /var/sadm/patch/102301-01
# ./backoutpatch 102301-01


Checking Current Patch Status

Before installing patches, you should know about patches that have been previously installed on a system. There are two commands available that provide useful information about currently installed patches.

# showrev -p
Patch: 106793-01 Obsoletes: Requires: Incompatibles: Packages: SUNWhea

# patchadd -p
Patch: 106793-01 Obsoletes: Requires: Incompatibles: Packages: SUNWhea
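The following added example (not part of the original training material) shows one way to use the showrev -p output format above to decide whether a required patch is installed, installed only at a lower revision, or delivered by a later patch that obsoletes it. The function names and sample output are constructed for illustration, and the six-digit base code with two-digit revision is an assumption drawn from the patch IDs used in this chapter.

```shell
#!/bin/sh
# Added example: classify a required patch against `showrev -p` output.
# On Solaris, put nawk or /usr/xpg4/bin/awk first in PATH (awk -v is needed).

# Constructed sample in the one-line-per-patch format printed by showrev -p.
sample_showrev() {
    cat <<'EOF'
Patch: 106793-01 Obsoletes: Requires: Incompatibles: Packages: SUNWhea
Patch: 107558-05 Obsoletes: 107200-03, 107300-01 Requires: Incompatibles: Packages: SUNWcsu
Patch: 107594-04 Obsoletes: Requires: 107558-05 Incompatibles: Packages: SUNWcsr
EOF
}

# patch_status REQUIRED-ID   (reads showrev -p output on stdin)
# Prints one of:
#   installed <id>      same base code at the required revision or later
#   obsoleted-by <id>   an installed patch lists the required patch as obsoleted
#   outdated <id>       same base code, but only a lower revision is installed
#   missing             nothing on the system provides the patch
patch_status() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 2 ;;
    esac
    awk -v want="$1" '
    BEGIN { split(want, w, "-"); best = -1; obs = "" }
    $1 == "Patch:" {
        split($2, p, "-")
        if (p[1] == w[1] && p[2] + 0 > best) best = p[2] + 0
        # Walk the IDs listed between "Obsoletes:" and "Requires:".
        in_obs = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "Obsoletes:") { in_obs = 1; continue }
            if ($i == "Requires:") break
            if (in_obs) {
                id = $i; sub(/,$/, "", id)
                split(id, o, "-")
                if (o[1] == w[1] && o[2] + 0 >= w[2] + 0) obs = $2
            }
        }
    }
    END {
        if (best >= w[2] + 0)  printf "installed %s-%02d\n", w[1], best
        else if (obs != "")    print "obsoleted-by " obs
        else if (best >= 0)    printf "outdated %s-%02d\n", w[1], best
        else                   print "missing"
    }'
}

# Demo on the constructed sample; on a live system use: showrev -p | patch_status ID
for id in 106793-01 107558-06 107200-02 108277-01; do
    printf '%s: %s\n' "$id" "$(sample_showrev | patch_status "$id")"
done
```

A result of obsoleted-by also explains why patchrm refuses to remove the older patch, as described under Removing a Patch.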


CHAPTER – 2

SYSTEM SECURITY

Objectives

Upon completion of this module, you should be able to:

• Create the /var/adm/loginlog file to save failed login attempts
• Monitor system usage with the commands finger, last, and rusers
• Use the su command to become the root user or another user on the system
• Modify the /etc/default/login file to restrict root access
• Use the commands id and groups to identify users and their group memberships
• Change a file's owner or a file's group using the commands chown and chgrp, respectively
• Explain how the special permissions setuid, setgid, and the Sticky Bit can affect system security
• Create, modify, and delete access control lists (ACLs) on files
• Control remote login access by maintaining three basic network files: /etc/hosts.equiv, $HOME/.rhosts, and /etc/ftpusers


Managing System Security Overview

Two important responsibilities of the system administrator are controlling access and securing data on a system. The Solaris Operating Environment provides some standard security features for controlling access by unauthorized users and for protecting files on local and remote systems. Some basic steps that you should take to manage security at the user, file, system, and network level include:

• Maintaining password and login control
• Monitoring system usage
• Restricting access to data contained in files
• Tracking root logins
• Monitoring setuid programs
• Controlling remote access on the network


Managing Login and Access Control

All accounts on the system must have a password. Any account without a password allows unauthorized access to the local host and to the entire network.

The pwconv Command

The pwconv command creates and updates the /etc/shadow file with information from the /etc/passwd file. The pwconv command relies on the special value of 'x' in the password field of /etc/passwd. The 'x' indicates that the password for the user already exists in the /etc/shadow file. If the /etc/shadow file does not exist, pwconv creates it with the information from /etc/passwd. If the /etc/shadow file does exist, the following tasks are performed:

• Entries that are in the /etc/passwd file and not in the /etc/shadow file are added to the shadow file.
• Entries that are in the /etc/shadow file and not in the /etc/passwd file are removed from the shadow file.

Recording Failed Login Attempts

When a user logs in to a system, locally or remotely, from the command line only, the login program consults the /etc/passwd and /etc/shadow files to authenticate the user by verifying the user name and password entered. If the user provides a login name from the /etc/passwd file and the correct password for that login name, the login program grants access to the system. If the user name is not in the /etc/passwd file or the password is not correct for the user name, the login program denies access to the system.


You can save failed login attempts to a file, which is a useful tool for determining if attempts are being made to break into a system. Failed login attempts can be recorded in the file /var/adm/loginlog. By default, the loginlog file does not exist. To enable logging, you must create this file with read and write permissions for root only.

# touch /var/adm/loginlog

All failed login activity is written to this file automatically after five failed attempts. The loginlog contains one entry for each of the failed attempts. Each entry contains the user's login name, TTY device, and time of the failed attempt. If there are fewer than five failed attempts, no activity is logged to this file.


Monitoring System Access

All systems should be monitored routinely for unauthorized user access. Use the who command to see who is on the system. It looks in the /var/adm/utmpx file to obtain this information. The who command displays a list of users currently logged on to the local system, with their login name, login device (TTY port), login date and time, and the elapsed time since last activity. If a user is logged on remotely, the remote hostname for that user is displayed.

Displaying Users on the System

To display the users who are currently on the system, execute the who command:

# who
user2    console    May 24 10:17    (:0)
user5    pts/3      May 24 17:36    (:0.0)
user9    pts/7      May 24 08:21    (:0.0)

Login Device Types

The second field displayed by the who command defines the user's login device, which can be one of the following:

• console - The device used to display system boot and error messages.
• pts - The pseudo device that represents a login or window session without a physical device. Remote logins are represented by this type of device.
• term - A device physically connected to a serial port, such as a terminal or a modem.


Displaying User Information

To display detailed information about users either locally or remotely, use the finger command.

Command Format

finger -m username
finger -m username@remotehostname

-m - Match arguments only on username (not first or last name).

The finger command displays the user's login name, home directory path, login time, login device name, data contained in the comment field of the /etc/passwd file (usually the user's full name), login shell, and the name of the host if logged in remotely.

Displaying User Information

To display user information, execute the following:

# finger user9
Login name: user9                In real life: user9's Account
Directory: /home/user9           Shell: /bin/ksh
On since Apr 14 08:57:37 on console from :0
No unread mail
No Plan.

If a user creates the standard ASCII files .plan or .projects in their home directory, the content of those files is shown as part of the output of the finger command. Those files are traditionally used to outline a user's current plans or projects, and must be created with file access permissions set to 644 (rw-r--r--).


Displaying a Record of Login Activity

Use the last command to display a record of all logins and logouts with the most recent activity at the top of the output. It looks in the /var/adm/wtmpx file, which records all logins and logouts. Each entry includes user name, the login device, host logged in from, date and time logged in, time of log out, and total login time in hours and minutes, including entries for system reboot times. The following is an example of the last command:

# last
user1    pts/4         host1    Fri Dec 18 10:24 - 11:00  (00:36)
user9    pts/7         host1    Tue Dec 8  09:39 - 09:49  (00:10)
user5    pts/12        host1    Thu Dec 3  15:16 - 15:18  (00:02)
reboot   system boot            Wed Dec 2  08:44
root     console       :0       Tue Dec 1  15:12 - 15:12  (00:00)
user5    pts/3         host1    Tue Dec 1  16:13 - 16:39  (00:26)

The last command can also display information about an individual user, for example:

# last user9
user9    pts/7         host1    Tue Dec 8  09:39 - 09:49  (00:10)

To view system reboot times only, execute the following command:

# last reboot
reboot   system boot            Fri Feb 11 10:15
reboot   system boot            Wed Jan 26 14:58
reboot   system boot            Mon Jan 3  16:30


Displaying Users on Remote Systems

The rusers command produces output similar to the who command but displays users logged in on remote hosts. The list is displayed in the order the responses are received from the hosts, showing the user's name and the host's name. A remote host responds to the rusers command only if its rpc.rusersd daemon is enabled. It is the network server daemon that returns the list of users on the remote hosts.

Command Format

rusers [ -l ]

The rusers -l command displays a list of login names of users who are logged in on remote systems, along with the name of the system a user is logged into, the TTY port (login device), the month, date, login time, and idle time. If the user is not idle, no time is displayed in the last field.

For example:

# rusers -l
user5    remotehost1:pts/4      Feb 22 11:48    27      (:0)
root     remotehost1:console    Feb 22 09:31    28:10   (:0)
user4    remotehost5:pts/12     Feb 22 8:00     1:43    (:0)
user6    remotehost2:console    Feb 22 13:41    9       (:0)

Accessing root Privileges

As the system administrator, you should log in to the root account only to perform administration tasks. You should avoid performing routine work as root. This helps protect the system from unauthorized access, as it reduces the likelihood that the system will be left unattended with root logged in. Also, critical mistakes are less likely to occur if routine work is done as a regular system user. You can become root on a system by either:

• Logging in directly as root, and supplying the root password.
• Logging in as a regular user, then invoking the su command and supplying the root password.

You should log in under a regular user account, then become root by using the su command, to access system files or run administration commands.

Using the su Command to Become Another User

The su command allows a user to become another user, without logging off the system.

Command Format

su [ - ] [ username ]

To use su, you must supply the appropriate password unless the user is already root. The root user can run su without passwords. If the password is correct, su creates a new shell process, as specified in the shell field of that user's /etc/passwd file entry. The - (dash) option specifies a complete login. It changes the user's work environment to what would be expected if the user had logged in directly as that specified user.


Effective User ID and Effective Group ID

When you run the su command, the effective user ID (EUID) and the effective group ID (EGID) are changed to the new user to whom you have switched. Access to files and directories is determined by the value of the EUID and EGID for the switched user, rather than the UID and GID of the user who originally logged in to the system.

Note - This is important because file and directory access is determined based on the value of the EUID and EGID of the user that you have become.

Using the whoami Command

The whoami command displays the switched user's effective current user ID.

Displaying the Effective Current Username

For example, user1 is logged into the system under that login name. This user then runs the su command to become root and enters the root password. The whoami command displays the user's effective user ID.

$ su
Password: (type in the root password)
# whoami
root
#


Using the su Command to Become root

To use the su command to become root:

1. Log in directly (from the login window) as a regular user. For example: user1

2. At the shell prompt, in a terminal window, type su and press Return. Type the root password and press Return.

$ su
Password:

3. To display the original login, type the command who am i and press Return.

# who am i
user1    pts/11    Apr 25 15:45    (:0.0)

4. To determine the login name of the user switched to, type whoami and press Return.

# whoami
root

5. To determine where the user is currently located, type pwd and press Return. The location is the original user's home directory.

# pwd

6. To exit the root session and return to the original user, type exit and press Return.

# exit
$

In the default system configuration, root login is restricted to the console. This means that you cannot remotely log in to a system as root. To remotely log in to a host, you must log in as a regular user and then run the su command to become root.


To switch to another user and have that user's environment:

1. At the shell prompt, type su with the dash (-) option and the name of the user to become, and press Return. Type the password for the user account and press Return. For example:

$ su - user2
Password:

2. Determine the login name of the user switched to by typing whoami and pressing Return.

$ whoami
user2

3. To determine where the user is located, type pwd and press Return. The location is the new user's home directory.

$ pwd

4. Display the login name of the user originally logged in by typing who am i and pressing Return.

$ who am i
user1    pts/4    Apr 25 15:55    (:0.0)

5. To return to the original user status and home directory, type the following command and press Return.

$ exit


The sysadmin Group

Any user who is a member of the sysadmin group (GID 14) can run admintool for the purpose of managing local system files and functions, such as adding and removing users, groups, software, printers, and serial devices. If you have not added any user to this group, then only root can run the admintool utility.

Note - Members of the sysadmin group can also invoke Solstice Adminsuite™, a Solaris Operating Environment server product used to locally or remotely manage important system files and functions.


Managing User Access

Located in the /etc/default directory are three system files that root can modify to monitor who is using the su command, restrict root access, and set up system-wide password aging for every user who logs in to the system.

• The /etc/default/su file controls how su attempts are logged.
• The /etc/default/login file can be set to restrict root access.
• The /etc/default/passwd file can be set up to enforce system-wide password aging.


Monitoring su Attempts

For security reasons, you must monitor who has been using the su command, especially those users who are trying to gain root access on the system. You can set this using the /etc/default/su file. The following is the content of the /etc/default/su file.

#ident "@(#)su.dfl 1.6 93/08/14 SMI" /* SVr4.0 1.2 */

# SULOG determines the location of the file used to log all su attempts
#
SULOG=/var/adm/sulog

# CONSOLE determines whether attempts to su to root should be logged
# to the named device
#
#CONSOLE=/dev/console

# PATH sets the initial shell PATH variable
#
#PATH=/usr/bin:

# SUPATH sets the initial shell PATH variable for root
#
#SUPATH=/usr/sbin:/usr/bin

# SYSLOG determines whether the syslog(3) LOG_AUTH facility should be
# used to log all su attempts. LOG_NOTICE messages are generated for
# su's to root, LOG_INFO messages are generated for su's to other
# users, and LOG_CRIT messages are generated for failed su attempts.
#
SYSLOG=YES

The CONSOLE Variable

The CONSOLE variable, by default, is ignored because of the preceding comment (#) symbol. Therefore, all attempts are logged to the console regardless of success or failure.


By removing the comment symbol, the value of the CONSOLE variable is defined for /dev/console and all successful su attempts to become root are logged to the console. The /var/adm/sulog file contains only unsuccessful attempts. Feb 2 11:20:07 hostl su: pts/4 userl-root

‘su root’ succeeded for userl on /dev/pts/4 SU 02/02 11:20 +

The SULOG Variable

The SULOG variable specifies the name of the file in which all su attempts to switch to another user are logged. If undefined, su logging is turned off. The entries in this file include the date and time the command was issued, whether it was successful (shown by the + symbol for success or the - symbol for failure), the device from which the command was issued, and finally the name of the user and the switched identity. For example:

    # more /var/adm/sulog
    SU 10/20 14:50 + console root-sys
    SU 10/20 16:55 + pts/2 user3-root
    SU 11/05 11:21 - pts/3 root-user1
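The sulog record layout described above can be checked mechanically. The following sh/awk sketch is an added example, not part of the original training material; the function names, the output labels, and the sample records after the first three are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag su activity aimed at root in sulog-format records.
# Record layout described above:
#   SU <MM/DD> <HH:MM> <+|-> <device> <from-user>-<to-user>

# Constructed sample records (the first three are the ones shown above).
sulog_sample() {
    cat <<'EOF'
SU 10/20 14:50 + console root-sys
SU 10/20 16:55 + pts/2 user3-root
SU 11/05 11:21 - pts/3 root-user1
SU 11/06 02:13 - pts/5 user4-root
SU 11/06 02:14 - pts/5 user4-root
SU 11/06 02:15 + pts/5 user4-root
this line is not a sulog record
EOF
}

# sulog_report FILE        (FILE may be "-" for standard input)
#   FAILED_ROOT <from> <device> <date> <time>      failed attempt to become root
#   OFFCONSOLE_ROOT <from> <device> <date> <time>  success from a non-console device
#   COUNT <from> <n>                               failed root attempts per user
#   SKIPPED <n>                                    lines that are not sulog records
sulog_report() {
    awk '
    $1 != "SU" || NF != 6 || ($4 != "+" && $4 != "-") { skipped++; next }
    {
        # The last hyphen separates the calling user from the target user.
        n = split($6, part, "-")
        if (n < 2) { skipped++; next }
        to = part[n]
        from = substr($6, 1, length($6) - length(to) - 1)
        if (to != "root") next
        if ($4 == "-") {
            print "FAILED_ROOT", from, $5, $2, $3
            fails[from]++
        } else if ($5 != "console") {
            print "OFFCONSOLE_ROOT", from, $5, $2, $3
        }
    }
    END {
        for (u in fails) print "COUNT", u, fails[u]
        if (skipped) print "SKIPPED", skipped
    }
    ' "$1"
}

# Demo on the constructed sample; on a live system: sulog_report /var/adm/sulog
sulog_sample | sulog_report -
```

A run of failures followed by a success from the same user and device, as user4 shows in the sample, is the pattern worth reviewing first.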

Restricting root Access

The /etc/default/login file gives you the ability to protect the root account on a system by restricting root access to a specific device. The following shows the content of the /etc/default/login file.

    # ident "@(#)login.dfl 1.8 96/10/18 SMI" /* SVr4.0 1.1.1.1 */
    #
    # Set the TZ environment variable of the shell.
    #
    TIMEZONE=EST5EDT
    #
    # ULIMIT sets the file size limit for the login. Units are disk blocks.
    # The default of zero means no limit.
    #
    ULIMIT=0
    #
    # If CONSOLE is set, root can only login on that device.
    # Comment this line out to allow remote login by root.
    #
    CONSOLE=/dev/console
    #
    # PASSREQ determines if login requires a password.
    PASSREQ=YES
    #
    # ALTSHELL determines if the SHELL environment variable should be set
    ALTSHELL=YES
    #
    # PATH sets the initial shell PATH variable
    #PATH=/usr/bin:
    #
    # SUPATH sets the initial shell PATH variable for root
    #
    SUPATH=/usr/sbin:/usr/bin
    #
    # TIMEOUT sets the number of seconds (between 0 and 900) to wait before
    # abandoning a login session.
    #
    TIMEOUT=300
    #
    # UMASK sets the initial shell file creation mode mask. See umask(1)
    #
    UMASK=022
    # SYSLOG determines whether syslog(3) LOG_AUTH facility should be
    # used to log all root logins at level LOG_NOTICE and multiple failed
    # login attempts at LOG_CRIT.
    SYSLOG=YES

The CONSOLE Variable

You can set the CONSOLE variable to specify one of three possible conditions for restricting root logins:

• If the variable is defined as CONSOLE=/dev/console, root can log in only at the system console. Any attempt to log in as root from any other device generates the error message:

    # rlogin host1
    Not on system console
    Connection closed.

• If the variable is not defined, root can log in to the system from any device, either across the network, through a modem, or using an attached terminal.

• If the variable does not have a value assigned to it (for example, CONSOLE=), then root cannot log in from anywhere, not even the console. The only way to become root on the system is to log in as a regular user and become root using the su command.

Implementing System-Wide Password Aging

You can force every user on the system to change their password on a regular basis, without having to set up individual password aging for each user in the /etc/shadow file. This is done by modifying the /etc/default/passwd file. There are three different variables in the file: MAXWEEKS, MINWEEKS, and PASSLENGTH, as shown in the following sample file.

    # cat passwd
    #ident "@(#)passwd.dfl 1.3 92/07/14 SMI"
    MAXWEEKS=
    MINWEEKS=
    PASSLENGTH=6

The /etc/default/passwd File Variables

The following sections describe the /etc/default/passwd file variables.

The MAXWEEKS Variable

The value set for the MAXWEEKS variable specifies the maximum number of weeks (seven-day weeks) a password is valid before it must be changed for all regular users. If there is no value set for this variable, which is the default setting, only users who have a value for Max Change specified in the fourth field of the /etc/shadow file must change their passwords at the specified number of days.

The MINWEEKS Variable

The value set for the MINWEEKS variable specifies the minimum number of weeks between password changes for all regular users. If there is no value set for this variable, which is the default setting, only users who have a value for Min Change specified in the fifth field of the /etc/shadow file are limited as to when they can change their passwords.

Note - The password aging entries in the /etc/shadow file take precedence over the /etc/default/passwd file entries for individual users.

The PASSLENGTH Variable

The PASSLENGTH variable specifies a minimum password length, between six and eight characters, for all regular users. Numbers below six default to six-character passwords, and numbers above eight default to eight-character passwords.

Restricting Access to Data in Files

When you have established login restrictions, the next task is to control access to the data on the systems. Of course, some users need to be allowed to read various files, other users need permission to change and delete files, and there are some files that no user should be able to access. Users who need to share files should be put in a group.

Note - In general, you use file access permissions to determine what users or groups have permission to read, modify, or delete files.

Determining a User's Group Membership

The groups command displays group memberships for the user. For example, to see what groups you belong to, type the following command:

    # groups
    staff class

To list the groups to which a specific user belongs, use the groups command with the user's name as an argument. For example:

    # groups user5
    staff class sysadmin

Identifying a User Account

You use the id command to further identify users by listing their UID, username, group ID, and group name. This is useful information when troubleshooting file access problems for users.

The id command returns the effective user ID and name. For example, if you logged in as user1 and then used su to become user4, the id command reports information for the user4 account.

Command Format

    id [ options ] [ username ]

For example, to view your user account information:

    $ id
    uid=101(user1) gid=300(class)

To view all the account information for a specific user, use the -a option:

    $ id -a user1
    uid=101(user1) gid=300(class) groups=14(sysadmin)

Changing a File's Ownership with the chown Command

You might need to use the chown command to change the original owner of a file or directory to another user on the system. By default, only root can change the ownership of a file or directory.

Command Format

    chown [ option(s) ] user_name filename(s)

or

    chown [ option(s) ] UID filename(s)

Note - The username and the UID must exist in the /etc/passwd file.

Changing File Ownership

In this example, a user named user1 created a file called file7.

    # cd /export/home/user1
    # ls -l file7
    -rw-r--r--   1 user1    staff        672 Jun  1 15:11 file7
    #

Use the chown command to give this file to a new user named user2 and verify the new ownership.

    # chown user2 file7
    # ls -l file7
    -rw-r--r--   1 user2    staff        672 Jun  1 15:12 file7
    #

The file is now owned by user2. This file is still in the home directory of user1. The users need to determine if the file should be moved to a new directory location.

Changing Directory Ownership

In the next example, user1 owns a directory called dir4.

    # ls -ld dir4
    drwxr-xr-x   8 user1    staff        512 Apr 22 12:51 dir4
    #

Use the chown command to give this directory and all of its contents (files and subdirectories) to user2.

    # chown -R user2 dir4
    # ls -ld dir4
    drwxr-xr-x   8 user2    staff        512 Jun  1 15:14 dir4
    #

The -R option makes the chown command recursive. It descends through the directory and any subdirectories, setting the ownership UID as it moves through the directory hierarchy.

Changing User and Group Ownership Simultaneously

The chown command also gives the owner the ability to change both the ownership and group membership of a file or directory at the same time.

    # chown user3:class file2

Additionally, you can use the -R option to recursively descend a directory hierarchy, changing ownership and group membership of the directory and its contents simultaneously.

    # chown -R user3:class dir1

Changing a File's Ownership With the chgrp Command

The chgrp command can be used by root, or the file's owner, to change the group ownership of files and directories to another group on the system. However, the file owner must also belong to that new group.

Command Format

    chgrp groupname filename(s)
    chgrp GID filename(s)

Note - The groupname and GID must exist in the /etc/group file.

For example, the file called file4 currently belongs to a group named staff.

    # ls -l file4
    -rw-r--r--   1 user1    staff        874 Jun  1 15:08 file4
    #

Use the chgrp command to give this file to a new group named class, and verify the new group ownership.

    # chgrp class file4
    # ls -l file4
    -rw-r--r--   1 user1    class        874 Jun  1 15:09 file4

Now all users who are members of the group called class have shared access to this file.

Special File Permissions

Three types of special permissions are available for executable files and public directories. These include:

• setuid Permission
• setgid Permission
• Sticky Bit Permission

The setuid Permission

When set-user identification (setuid) permission is set on an executable file, a user or process that runs this executable file is granted access based on the owner of the file (usually root) instead of the user who started the executable. This allows a user to access files and directories that are normally accessible only by the owner. In addition, many executable programs must be run as root, sys, or bin to work properly. For example:

    -r-sr-xr-x   1 root     sys        17156 Jan  5 17:03 /usr/bin/su

The setuid permission displays as an "s" in the owner's execute field.

Note - If a capital "S" appears, it simply indicates that the setuid bit is on and the execute bit "x" is off or denied.

The root user and the owner can set the setuid permissions on an executable file using the chmod command and the octal value 4000. For example:

    # chmod 4555 executable_file

Except for those setuid executable files that exist by default in the Solaris Operating Environment, the system administrator should disallow the use of setuid programs, or at least restrict their use.

To search for files with setuid permissions and to display their full pathname, execute the following command:

    # find / -perm -4000

The setgid Permission

The set-group identification (setgid) permission is similar to setuid, except that the effective group ID of the user or the process is changed to the group owner of the file. Also, access is granted based on the permissions assigned to that group. For example, the mail program has a setgid permission used to read mail, or send mail to other users.

    -r-x--s--x   1 root     mail       61288 Jan  5 16:57 /usr/bin/mail

The setgid permission displays as an "s" in the group execute field.

Note - If a lowercase letter "l" appears, it indicates that the setgid bit is on and the execute bit is off or denied. This indicates that mandatory file and record locking occurs during access.

The root user and the owner can set setgid permissions on an executable file using the chmod command and the octal value 2000. For example:

    # chmod 2555 executable_file

Shared Directories

The setgid permission is a useful feature for creating shared directories. When a setgid permission is applied to a directory, files created in the directory belong to the group to which the directory belongs. For example, if a user has write permission in the directory and creates a file there, that file belongs to the same group as the directory, and not the user's group. To create a shared directory, you must set the setgid bit using symbolic mode:

    # chmod g+s shared_directory

Searching for setgid Files and Directories

To search for files with setgid permissions and display their full pathname, execute the following command:

    # find / -perm -2000
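The setuid and setgid searches above become an audit once their output is compared with a list of approved files. The following sh sketch is an added example, not part of the original training material; the function names, the baseline file format, and the demo tree (including the helper file) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that are not on an approved list.

# special_perm_scan ROOT
#   Prints "setuid <path>" / "setgid <path>" for regular files under ROOT,
#   using the same find tests as above (-perm -4000 and -perm -2000).
special_perm_scan() {
    {
        find "$1" -type f -perm -4000 -print 2>/dev/null | sed 's/^/setuid /'
        find "$1" -type f -perm -2000 -print 2>/dev/null | sed 's/^/setgid /'
    } | LC_ALL=C sort -u
}

# special_perm_audit ROOT BASELINE
#   BASELINE holds the approved "setuid <path>" / "setgid <path>" lines.
#   Prints entries present on disk but missing from BASELINE.
#   Exit status: 0 = nothing unexpected, 1 = unexpected entries found.
special_perm_audit() {
    work=$(mktemp -d) || return 2
    special_perm_scan "$1" > "$work/found"
    LC_ALL=C sort -u "$2" > "$work/approved"
    LC_ALL=C comm -23 "$work/found" "$work/approved" > "$work/unexpected"
    cat "$work/unexpected"
    if [ -s "$work/unexpected" ]; then status=1; else status=0; fi
    rm -rf "$work"
    return "$status"
}

# special_perm_demo
#   Builds a constructed tree with three special-permission files,
#   approves only one of them, and prints the findings with the
#   temporary directory prefix stripped.
special_perm_demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/usr/bin" "$root/export/home/user1"
    for f in usr/bin/su usr/bin/mail \
             export/home/user1/helper export/home/user1/notes; do
        : > "$root/$f"
    done
    chmod 4555 "$root/usr/bin/su"                  # approved setuid file
    chmod 2555 "$root/usr/bin/mail"                # setgid, not in baseline
    chmod 4755 "$root/export/home/user1/helper"    # setuid, not in baseline
    chmod 644  "$root/export/home/user1/notes"     # ordinary file
    printf 'setuid %s\n' "$root/usr/bin/su" > "$root/baseline"
    special_perm_audit "$root" "$root/baseline" | sed "s|$root||"
    rm -rf "$root"
}

special_perm_demo
```

On a live system the baseline would be captured from a known-good installation and the audit run against / on a schedule.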

The Sticky Bit Permission

The Sticky Bit is a special permission that protects the files within a publicly writable directory. If the directory has the Sticky Bit set, a file can be deleted only by the owner of the file, the owner of the directory, or by root. This prevents a user from deleting other users' files from publicly writable directories. For example:

    # ls -ld /tmp
    drwxrwxrwt   6 root     sys          719 May 31 03:30 /tmp

The Sticky Bit is displayed as the letter "t" in the execute field for other.

Note - If a capital "T" appears, it indicates that the Sticky Bit is on; however, the execute bit is off or denied.

The root user and the owner can set the Sticky Bit permission on directories using the chmod command and the octal value 1000. For example:

    # chmod 1777 public_directory

Searching for Directories with a Sticky Bit Permission

To search for directories with Sticky Bit permissions and display their full pathname, execute the following command:

    # find / -type d -perm -1000

Note - For more detailed information on the Sticky Bit, execute the following command: man sticky

Access Control Lists

Access Control Lists (ACLs) can provide greater control over file access permissions when traditional file protection is not enough. An ACL provides better file security by enabling you to define file permissions for the file owner, file group, other, specific users and groups. ACLs also enable you to set default permissions for each of these categories.

For example, if the system administrator wanted everyone in a particular group to be able to read a file, the administrator would simply give the group read permissions on that file. However, what if the system administrator wanted only one person in that group to be able to write to that file? ACLs can provide that level of file security, where traditional UNIX file access protection cannot.

You should view ACLs as extensions to the standard UNIX file permissions. The ACL information is stored and associated with each file or directory individually. ACLs for a file or directory are set or viewed using the commands and options described in Table 3-1.

Table 3-1 ACL Commands and Options

    Command/Option             Description
    getfacl filename(s)        Displays ACL entries on a file(s).
    setfacl options filename   Sets, adds, modifies, and deletes ACL entries on a file(s).
    setfacl -m acl_entries     Creates or modifies ACL entries on files.
    setfacl -s acl_entries     Removes old ACL entries on a file(s) and replaces them with new ACL entries.
    setfacl -d acl_entries     Deletes one or more ACL entries on a file(s).
    setfacl -f acl_file        Specifies an ACL configuration file containing a list of permissions to be set on other files. acl_file is used as an argument with this command only.
    setfacl -r                 Recalculates permissions for the ACL mask (1).

1. Permissions specified in the ACL mask are ignored and replaced by the maximum permissions needed to give access to any additional user, owner group, and additional group entries in the ACL.

ACL Entries

Each ACL entry consists of the fields described in Table 3-2, which are separated by colons.

Table 3-2 ACL Entries

    ACL Field     Description
    entry-type    Type of entry to set file permissions for owner, owner's group, specific users, additional groups, or the ACL mask.
    UID or GID    The user's name or identification number (UID). The group's name or identification number (GID).
    perm          Permissions set for entry-type. You can set permissions symbolically using r, w, x, and - or by using octal values from 0 to 7.

The setfacl command uses these ACL entries to set permissions on files, for example:

• u[ser]::perm - Sets the permissions for the file owner.

• g[roup]::perm - Sets the permissions for the owner's group.

• o[ther]:perm - Sets the permissions for users other than the owner or members of the owner's group.

• u[ser]:UID:perm or u[ser]:username:perm - Sets the permissions for a specific user. The username must exist in the /etc/passwd file.

• g[roup]:GID:perm or g[roup]:groupname:perm - Sets the permissions for a specific group. The groupname must exist in the /etc/group file.

• m[ask]:perm - Sets the ACL mask. The mask entry indicates the maximum permissions allowed for all users, except the owner, and for all groups. The mask is a quick way to change permissions for all the users and groups.

Adding and Modifying ACL Permissions on a File

You can use the setfacl -m command to add or modify ACL permissions on one or more of the file's ACL entries.

Command Format

    setfacl -m acl_entry,acl_entry filename1 [filename2 ...]

Examples of Modifying ACL Entries on a File

The following example creates an ACL entry on file.txt for user8 with permissions to read and write the file.

    # setfacl -m user:user8:6 file.txt
    # getfacl file.txt

    # file: file.txt
    # owner: user1
    # group: class
    user::rwx
    user:user8:rw-          #effective:r--
    group::r--              #effective:r--
    mask:r--
    other:---

The next example modifies the permissions of the ACL mask to read and write.

    # setfacl -m m:6 file.txt
    # getfacl file.txt

    # file: file.txt
    # owner: user1
    # group: class
    user::rwx
    user:user8:rw-          #effective:r--
    group::r--              #effective:r--
    mask:r--
    other:---

Determining if a File Has an ACL

There are two ways to determine if a file has an ACL:

• Using the getfacl command
• Using the ls -l command

Using the ls -l command on any file that has an ACL displays a plus (+) sign at the end of the permission mode field. For example:

    # ls -l file.txt
    -rwxr-----+  1 user1    class        167 Apr 18 11:13 file.txt

Note - If a file has no ACL entries for additional users or groups, the file is considered to be a trivial ACL file and the + symbol is not displayed.

Deleting an ACL Entry on a File

To delete an ACL entry from a file, use the setfacl -d command. An ACL entry can be one or more comma-separated ACL entries without permissions. To delete an ACL, specify the entry type and the UID (user name) or GID (group name). You cannot delete the ACL entries for the file owner, file group owner, other, and the ACL mask.

Command Format

    setfacl -d ACL_entry filename(s)

or

    setfacl -d ACL_entry,ACL_entry filename(s)

The following is an example of deleting an ACL entry.

    # setfacl -d u:user8 file.txt

Replacing an Entire ACL on a File

To replace the entire ACL on a file from the command line, you must specify at least the basic set of user, group, other, and mask permissions and file name(s).

Command Format

    setfacl -s u::perm,g::perm,o:perm,m:perm,[u:UID:perm],[g:GID:perm] filename(s)

An Example of Setting an ACL on a File

The following example sets the file owner permissions to read and write, group permissions to read only, and other permissions to none on file.txt.

In addition, user8 is given read/write permissions on the file, and the ACL mask is set to read/write, which indicates that no user or group can have execute permissions on the file.

    # setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:user8:rw- file.txt

To verify which ACL entries were set on the file, use the getfacl command.

    # getfacl file.txt

    # file: file.txt
    # owner: user1
    # group: class
    user::rw-
    user:user8:rw-          #effective:rw-
    group::r--              #effective:r--
    mask:rw-
    other:---

Another Example of Setting an ACL on a File

This next example sets the file owner permissions to read, write, and execute, group permissions to read only, other permissions to none, and the ACL mask to read. In addition, user8 is given read and write permissions; however, due to the ACL mask, the effective permissions for user8 are read only.

    # setfacl -s u::7,g::4,o:0,m:4,u:user8:7 file.txt

Verify which ACL entries were set on the file with the getfacl command.

    # getfacl file.txt

    # file: file.txt
    # owner: user1
    # group: class
    user::rwx
    user:user8:rwx          #effective:r--
    group::r--              #effective:r--
    mask:r--
    other:---
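The "#effective" column is each entry's permissions combined with the mask by a bitwise AND. The following sh/awk sketch is an added example, not part of the original training material; the function name acl_effective is constructed, and it applies the mask to named users, the owning group and named groups, which are the entries getfacl annotates above.

```shell
#!/bin/sh
# Added example: compute the "#effective" column that getfacl prints.

# acl_effective ENTRIES
#   ENTRIES is a comma-separated list in the setfacl -s form shown above,
#   with permissions written symbolically (rw-) or as one octal digit (6).
#   The mask limits named users, the owning group and named groups; the
#   file owner and other entries are printed unchanged. Entries are
#   printed in input order, followed by the mask.
acl_effective() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F: '
    function bits(s) {
        if (s ~ /^[0-7]$/) return s + 0
        return (index(s, "r") ? 4 : 0) + (index(s, "w") ? 2 : 0) + (index(s, "x") ? 1 : 0)
    }
    function sym(v) {
        return (v >= 4 ? "r" : "-") (v % 4 >= 2 ? "w" : "-") (v % 2 ? "x" : "-")
    }
    function band(a, b,    bit, r) {
        r = 0
        for (bit = 4; bit >= 1; bit = bit / 2)
            if (int(a / bit) % 2 && int(b / bit) % 2) r += bit
        return r
    }
    NF >= 2 {
        kind = substr($1, 1, 1)
        who = (NF >= 3) ? $2 : ""
        perm = bits($NF)
        if (kind == "m") { mask = perm; have_mask = 1; next }
        n++; K[n] = kind; W[n] = who; P[n] = perm
    }
    END {
        if (!have_mask) mask = 7
        for (i = 1; i <= n; i++) {
            name = (K[i] == "u") ? "user" : (K[i] == "g") ? "group" : "other"
            if (K[i] == "o")
                print "other:" sym(P[i])
            else if (K[i] == "u" && W[i] == "")
                print "user::" sym(P[i])
            else
                print name ":" W[i] ":" sym(P[i]) " #effective:" sym(band(P[i], mask))
        }
        if (have_mask) print "mask:" sym(mask)
    }'
}

# The two setfacl -s entry lists used above.
acl_effective 'user::rw-,group::r--,other:---,mask:rw-,user:user8:rw-'
acl_effective 'u::7,g::4,o:0,m:4,u:user8:7'
```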

Managing Remote Access Issues

The more access that is available over the network, the more beneficial it is for remote system users. However, unrestrained access and sharing of data and resources will create security problems. A local host's remote security measures are generally based on being able to validate, limit, or block operations from remote system users.

The three network files listed here provide certain schemes for handling basic security issues involving remote user access of a local system.

• The /etc/hosts.equiv file
• The $HOME/.rhosts file
• The /etc/ftpusers file

The /etc/hosts.equiv and $HOME/.rhosts Files

Typically, when a remote user requests login access to a local host, the first file read by the local host is its /etc/passwd file. An entry for that particular user in this file enables that user to log in to the local host from a remote system. If a password is associated with that account, then the remote user is required to supply this password at login to gain system access. When there is no entry in the local host's /etc/passwd file for the remote user, access is denied.

The /etc/hosts.equiv and $HOME/.rhosts files bypass this standard password-based authentication to determine if a remote user should be allowed to access the local host with the identity of a local user.

These files provide a remote authentication procedure to make that determination. This procedure first checks the /etc/hosts.equiv file and then checks the $HOME/.rhosts file in the home directory of the local user who is requesting access. The information contained in these two files (if they exist) determines whether access is granted or denied.

The /etc/hosts.equiv file applies to the entire system, while individual users can maintain their own $HOME/.rhosts files in their home directories.

Entries in /etc/hosts.equiv and $HOME/.rhosts

While the /etc/hosts.equiv and $HOME/.rhosts files have the same format, the same entries in each file have different effects.

The general format is presented here. Explanations and examples of the meanings of each type of entry are presented on the following pages.

• Both files are formatted as a list of one-line entries, which can contain the following types of entries:

    hostname
    hostname username
    +

Note - The host name(s) in the /etc/hosts.equiv and $HOME/.rhosts files must be the official name of the host, not one of its alias name(s).

• If only the hostname is used, then all users from the named host are trusted, provided they are known to the local host.

• If both hostname and username are used, then only the named remote user from the named remote host can access the local host.

• A single plus sign (+) character placed in the file indicates that every remote host on the network is trusted by the local host, enabling remote users to log in from anywhere on the network with no passwords required.

The /etc/hosts.equiv File

For regular users, the /etc/hosts.equiv file is used to identify remote hosts and remote users who are considered trusted.

Note - The /etc/hosts.equiv file is not checked at all if the remote user requesting local access is root.

If the local host's /etc/hosts.equiv file contains the host name of a remote host, then all regular users of that remote host are trusted and do not need to supply a password to log in to the local host, provided that each remote user is known to the local host by having an entry in the local /etc/passwd file; otherwise, access is denied. This is particularly useful for sites where it is common for regular users to have accounts on many different systems, eliminating the security risk of sending ASCII passwords over the network.

The /etc/hosts.equiv file does not exist by default. It must be created if remote user access is required on the local host.

The $HOME/.rhosts File

While the /etc/hosts.equiv file applies system-wide for non-root users, the .rhosts file applies to a specific user. All users, including root, can create and maintain their own .rhosts files in their home directory.

For example, if you run an rlogin process from a remote host to gain root access to a local host, it checks for a /.rhosts file in the root home directory on the local host. If the remote host name is listed in the file, it is considered to be a trusted host and remote user access, in this case root access, is granted on the local host.

The $HOME/.rhosts file does not exist by default. You must create it in the user's home directory.
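Because these files replace password checks, it helps to list exactly what each line grants. The following sh/awk sketch is an added example, not part of the original training material; the function names, output labels, and the demo tree (which uses a constructed root home directory instead of /) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the trust granted by hosts.equiv/.rhosts entries.

# trust_audit FILE [OWNER]
#   OWNER is the local account that owns a .rhosts file; omit it for
#   /etc/hosts.equiv. One output line per entry:
#     ANY_HOST  <line-no>                 "+": every remote host is trusted
#     HOST      <line-no> <host>          all known users from <host>
#     HOST_USER <line-no> <host> <user>   one named remote user
#   Labels for the root account get the prefix ROOT_, because those
#   entries grant root access without a password.
trust_audit() {
    awk -v owner="${2:-}" '
    NF == 0 { next }
    {
        prefix = (owner == "root") ? "ROOT_" : ""
        if ($1 == "+")     print prefix "ANY_HOST", NR
        else if (NF == 1)  print prefix "HOST", NR, $1
        else               print prefix "HOST_USER", NR, $1, $2
    }' "$1"
}

# trust_sweep PASSWD HOSTS_EQUIV
#   Audits HOSTS_EQUIV, then the .rhosts file in the home directory of
#   every account listed in PASSWD (a file in /etc/passwd format).
#   Each finding is prefixed with the file it came from.
trust_sweep() {
    if [ -f "$2" ]; then trust_audit "$2" | sed "s|^|$2 |"; fi
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        rh="${home%/}/.rhosts"
        [ -f "$rh" ] || continue
        trust_audit "$rh" "$user" | sed "s|^|$rh |"
    done < "$1"
}

# trust_demo
#   Runs the sweep over a constructed tree and strips the temporary
#   directory prefix from the output.
trust_demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/etc" "$t/root" "$t/export/home/user1"
    printf 'host1\nhost2 user3\n' > "$t/etc/hosts.equiv"
    printf '+\n' > "$t/export/home/user1/.rhosts"
    printf 'host1\n' > "$t/root/.rhosts"
    {
        printf 'root:x:0:1:Super-User:%s:/sbin/sh\n' "$t/root"
        printf 'user1:x:101:300::%s:/bin/ksh\n' "$t/export/home/user1"
        printf 'user2:x:102:300::%s:/bin/ksh\n' "$t/export/home/user2"
    } > "$t/etc/passwd"
    trust_sweep "$t/etc/passwd" "$t/etc/hosts.equiv" | sed "s|$t||g"
    rm -rf "$t"
}

trust_demo
```

ANY_HOST and ROOT_ findings are the ones to review first, since they remove the password check for every remote host or for the root account.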

Restricting FTP Logins

The Solaris Operating Environment provides an ASCII file named /etc/ftpusers. The ftpusers file is used to list the names of users who are prohibited from running an ftp login on the system. Each line entry in this file contains a login name for a restricted user, for example:

    username

The FTP server daemon, in.ftpd, reads the ftpusers file when an FTP session is invoked. If the login name of the user matches one of the listed entries, it rejects the login session and sends the "Login failed" error message.

By default, the ftpusers file has the following system account entries:

    root
    daemon
    bin
    sys
    adm
    lp
    uucp
    nuucp
    listen
    nobody
    noaccess
    nobody4

As with any user name that you can add, these entries must match the user account names located in the /etc/passwd file.

Because the new default security policy in the Solaris Operating Environment is to disallow remote root logins, the root entry is included in /etc/ftpusers. If root login privileges are allowed by deleting the root entry in /etc/ftpusers, ensure the /etc/default/login file reflects remote root login privileges.

The /etc/shells File

The /etc/shells file contains a list of the shells on the system. Applications, such as sendmail and ftp, can use this file to determine whether a shell is valid. This file does not exist by default.

Note - If this file does not exist, then getusershell(3C) uses its own list of shells.

When you create this file, each shell that you want to be recognized by the system must have a single-line entry consisting of the shell's path relative to / (root). For example:

    # touch /etc/shells
    /sbin/sh
    /bin/sh
    /bin/ksh

While the /etc/ftpusers file prohibits ftp connections for a specific user, you can create an /etc/shells file to allow ftp connections only to those users running shells that you have defined in this file. If an entry for a shell does not exist in this file, any user running the undefined shell is not allowed ftp connections to the system.

CHAPTER - 4

THE BOOT PROM

Objectives

Upon completion of this module, you should be able to:

• Describe the main functions of the boot programmable read-only memory (PROM) chip and NVRAM

• Explain the basic elements of POST and the purpose of the Stop key to control POST

• Invoke some common boot PROM commands from the ok prompt to customize how the system boots

• Use boot command options to boot a system in different situations

• Demonstrate how to display the device tree to list all the configured devices using the show-devs command

• Use the probe- commands to identify what peripheral devices (disks, tape drives, or CD-ROMs) are currently connected to the system

• Determine a system's default boot device using the devalias command

• Create a custom device alias name for a new boot device using the nvalias or nvedit commands

• Delete a custom device alias name with the nvunalias command

• Use the eeprom command within the Solaris Operating Environment to view or change the values of NVRAM parameters

The Boot PROM Concept

Each Sun system has a boot PROM chip. This 8-Kbyte chip is typically located on the same board as the CPU. The main functions of the boot PROM are to test the system hardware and boot the operating system. The boot PROM firmware, referred to as the monitor program, controls the operation of the system before the kernel is available. The boot PROM firmware has the capabilities to perform system initialization at power on and provide a user interface.

Note - The boot PROM does not understand the Solaris Operating Environment file systems or files; it deals mainly with hardware devices.

Currently there are three generations of Sun boot PROMs. Each generation has its own base revision number as described in the following list:

• 1.x - The original SPARC™ boot PROM
• 2.x - The first OpenBoot PROM (OBP)
• 3.x - The OpenBoot PROM with a flash update feature. You can update the 3.x firmware without having to replace the PROM chip.

Note - There is no OpenBoot PROM in the Intel environment.

The NVRAM Component

Another important hardware element in each Sun system is the NVRAM chip. The NVRAM is 8 Kbytes of nonvolatile random access memory. This pluggable chip is often located on the main system board.


The NVRAM stores the Ethernet address, host ID, and the time-of-day (TOD) clock. A single lithium battery within the NVRAM module provides battery backup for the NVRAM and clock. The NVRAM module also contains the EEPROM for the storage of user-configurable parameters that have been changed or customized from the boot PROM's default parameter settings. This gives you a certain level of flexibility in configuring the system to behave in a particular manner for a specific set of circumstances. The user-interface commands and device aliases are stored in the NVRAM.

Note - The NVRAM chip has a yellow sticker with a bar code on it. Many software packages that are licensed are based on the system host ID in NVRAM. If the chip fails, Sun will replace it with a new chip containing the same host ID and Ethernet address.

Figure 12-1 Basic Elements of the Boot PROM and NVRAM


Power On Self Test (POST)

When a system's power is turned on, a low-level power on self-test (POST) is initiated. This low-level POST code is stored in the boot PROM and is designed to test the most basic functions of the system hardware. At the successful completion of the low-level POST phase, the boot PROM firmware takes control and performs the following initialization sequence:

• Initializes the system
• Probes the memory and then the CPU
• Probes bus devices, interprets their drivers, and builds a device tree
• Installs the console

After system initialization, the banner displays on the console and the high-level testing begins. When the high-level tests are finished, the system checks parameters stored in the NVRAM to determine if and how to boot the operating system.

The OpenBoot Goal

The overall goal of the OpenBoot Institute of Electrical and Electronics Engineers (IEEE) standard is to provide the capabilities to:

• Test and initialize system hardware
• Determine the system's hardware configuration
• Boot the operating system
• Provide interactive debugging facilities
• Enable the use of third-party devices


Third-Party Device Configuration

All versions of the OpenBoot architecture allow a third-party board to identify itself and load its own plug-in device driver. Each device identifies its type and furnishes its plug-in device driver when requested by the OBP during the system hardware configuration phase of the boot process.

Figure 12-2 Third-Party Device Identification Process


Basic Boot PROM Configurations

The following sections describe the basic boot PROM configurations.

Systems Containing a Single System Board

The following Sun systems are configured with only one system board, which holds both the boot PROM and NVRAM chip.

• SPARCstation™ 4, 5, 10, and 20
• Ultra™ 1, 2, 5, 10, 30, 60, 80, 220, 250, 420, and 450

The Ultra systems use a re-programmable boot PROM called a flash PROM (or FPROM). This allows new boot program data to be loaded into the PROM via software, instead of having to replace the chip. These updates are distributed on CDROM.

Systems Containing Multiple System Boards

The following Sun systems are configured with multiple system boards.

• Enterprise 3X00
• Enterprise 4X00
• Enterprise 5X00
• Enterprise 6X00


Systems containing multiple system boards have a special boot PROM and NVRAM arrangement. These systems also have a clock board to oversee the backplane communications.

Figure 12-3 NVRAM and Boot PROM in Multi-board Systems

Some characteristics of these particular systems are:

• The CPU located in the lowest card cage slot becomes the Master CPU board.
  - Each CPU board runs its own individual POST.
  - The host ID and Ethernet address are on the Clock board and are automatically downloaded to all CPU board NVRAMs when POST is complete.
• PROM contents are verified by checksum comparisons.
  - Clock board and all system boards are compared.
  - Invalid PROM values can be manually rewritten and verified.
  - If the PROM contents on the Clock board are found to be different, it is reloaded with the contents from the Master CPU board NVRAM.
• You can update the flash PROMs (FPROMs) to newer firmware versions without replacing them. These updates are distributed on CDROM.


Controlling the POST Phase

The Stop key, located on the left side of the keyboard, is used to affect the POST phase.

• To skip the POST phase at power up, power on the system while holding down the Stop key.
• To run extensive POST diagnostics during power up using Stop-d: Power on the system while holding down the Stop key and the "d" key simultaneously. This action sets the value of the parameter diag-switch? to true. This also forces the system to boot from the device named by the parameter diag-device. Its default value is usually set to net. The firmware automatically switches to diagnostic mode to run extensive POST diagnostics on the system hardware. By default, the parameter diag-level is set to the maximum (max) setting, which instructs POST to run all available tests. By modifying the value of diag-level to the minimum (min) setting, POST only runs an abbreviated set of tests (in approximately half the time of the maximum setting).
• To reset the NVRAM parameter settings to the default values: If a system does not boot and the NVRAM settings are suspect, power on the system while holding down the Stop key and the "n" key simultaneously. Once the keyboard LEDs (light emitting diodes) start to flash, release the keys and the system continues to boot.

Halting the Solaris Operating Environment

To halt the Solaris Operating Environment to get to the PROM monitor prompt, hold down the Stop key and the "a" key simultaneously. An ok prompt displays on the screen indicating that the monitor program is available.


Warning - You should not interrupt the Solaris Operating Environment because file systems can be corrupted. However, if a system is frozen, you can use this method to reboot the system.

If the Solaris Operating Environment had been running before the Stop-a key sequence, enter the reset command at the ok prompt to clear all buffers and registers before entering any diagnostic commands.


Basic Boot PROM Commands

The boot PROM monitor provides a user interface for invoking OpenBoot commands, such as those listed below.

Note - The ok prompt indicates the Solaris Operating Environment is currently not running.

The following are some commonly used commands:

• ok banner
• ok boot
• ok help
• ok printenv
• ok setenv
• ok reset
• ok set-defaults
• ok probe-ide
• ok probe-scsi
• ok probe-scsi-all

The banner Command

The banner command lists several lines of useful information about the system, such as the model name, amount of memory, host ID, Ethernet address, and the boot PROM version number (for example, 1.x, 2.x, or 3.x).

ok banner
Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 270MHz), Keyboard Present
OpenBoot 3.11, 128 MB memory installed, Serial #11900965.
Ethernet address 8:0:20:b5:98:25, Host ID: 80b59825.


The boot Command

You use the boot command to boot the Solaris Operating Environment from the ok prompt.

This command has several options available for booting the system in different situations.

Command Format

ok boot [device-name] - [options]

Entering the boot command at the ok prompt boots the system to multiuser mode automatically. For example:

ok boot

Options

The following list describes the options for the boot command:

• -s - Boots the system to single-user mode and prompts for the root password. For example:

ok boot -s

Note - To continue the process and bring the system to multiuser mode, press the Control-d keys.

• -a - Boots the system interactively. This is useful if you need to make a temporary change to the system file or the kernel. The boot program asks you for the following information:

ok boot -a
Enter filename of the kernel (kernel/unix):
Enter default directory for modules (kernel /usr/kernel):
Enter name of system file (etc/system):
Enter default root file system type (ufs):
Enter physical name of root device:

For example:


ok help
Enter 'help command-name' or 'help category-name' for more help
(Use ONLY the first word of a category description)
Examples: help select -or- help line
Main categories are:
Repeated loops
Defining new commands
Numeric output
Radix (number base conversions)
Arithmetic
Memory access
Line editor
System and boot configuration parameters
Select I/O devices
Floppy eject
Power on reset
Diag (diagnostic routines)
Resume execution
File download and boot
nvramrc (making new commands permanent)
ok

Detailed Help

To view specific information for one of the main categories listed above, type the following:

ok help line
ok help system
ok help diag
ok help file

The printenv Command

You can use the printenv command to list all the NVRAM parameters. The name of each parameter is displayed along with the values of its default setting and current setting (if the parameter can be modified).


(The following output is edited to fit the page.)

ok printenv
Variable Name          Value             Default Value

tpe-link-test?         true              true
scsi-initiator-id      7                 7
keyboard-click?        false             false
ttyb-rts-dtr-off       false             false
ttyb-ignore-cd         true              true
ttya-rts-dtr-off       false             false
ttya-ignore-cd         true              true
ttyb-mode              9600,8,n,1,-      9600,8,n,1,-
ttya-mode              9600,8,n,1,-      9600,8,n,1,-
pcia-probe-list        1,2,3,4           1,2,3,4
pcib-probe-list        1,2,3             1,2,3
diag-level             max               max
output-device          screen            screen
input-device           keyboard          keyboard
boot-command           boot              boot
auto-boot?             true              true
diag-device            net               net
boot-device            disk net          disk net
local-mac-address?     false             false
screen-#columns        80                80
screen-#rows           4                 34
use-nvramrc?           false             false
security-mode          none
security-password
security-#badlogins    0
diag-switch?           false             false
ok

You can also use the printenv command to display only a single parameter and its values. For example, to display only the boot-device parameter:

ok printenv boot-device
boot-device = disk net

The possible values for boot-device include: disk, net, and cdrom.

Note - If an OBP parameter ends in a question mark (?), for example auto-boot?, the parameter value is either true or false.

The setenv Command

You use the setenv command to change the current values assigned to NVRAM parameters. In this example, the auto-boot? parameter is changed from its default setting of true to a new current value of false.

ok printenv auto-boot?
auto-boot? = true
ok
ok setenv auto-boot? false
auto-boot? = false
ok reset
Resetting

The reset command reads the changes to the environment variables.

The reset Command

The reset command halts the system, clears all buffers and registers, and does one of the following:

• Reboots the system if the auto-boot? parameter is set to true
• Redisplays the ok prompt if the auto-boot? parameter is set to false


The set-defaults Command

You use the set-defaults command to reset all parameters to their default values. It affects only those parameters that have assigned default values.

ok set-defaults
Setting NVRAM parameters to default values.
ok

To reset only a specific parameter to its default value, use the set-default command.

ok set-default parameter-name

For example:

ok set-default diag-level


Device Tree

Sun hardware uses the concept of a device tree to organize devices that are attached to the system.

The OpenBoot firmware builds the device tree from information gathered at POST. The device tree is loaded into memory to be used by the kernel during boot to identify all configured devices.

Each node in the device tree represents a device. Nodes with children usually represent buses and their associated controllers. Their children are devices connected to the buses or controllers.

A full device path begins with a slash (/) character, the root of the tree. Each node name has the form name@address:arguments. Other than name, the parts are optional and their format is device-dependent.


Figure 12-4 A Partial Device Tree for an Ultra 5/10


To View Device Path Names

To see the entire device tree, use the show-devs command.

ok show-devs
/SUNW,UltraSPARC-IIi@0,0
/pci@1f,0
/virtual-memory
/memory@0,10000000
/pci@1f,0/pci@1
/pci@1f,0/pci@1,1
/pci@1f,0/pci@1/pci@1
/pci@1f,0/pci@1/pci@1/SUNW,isptwo@4
/pci@1f,0/pci@1/pci@1/SUNW,hme@0,1
/pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/st
/pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/sd
/pci@1f,0/pci@1,1/ide@3
/pci@1f,0/pci@1,1/SUNW,m64B@2
/pci@1f,0/pci@1,1/network@1,1
/pci@1f,0/pci@1,1/ebus@1
/pci@1f,0/pci@1,1/ide@3/cdrom
/pci@1f,0/pci@1,1/ide@3/disk
/pci@1f,0/pci@1,1/ebus@1/SUNW,CS4231@14,200000
/pci@1f,0/pci@1,1/ebus@1/flashprom@10,0
/pci@1f,0/pci@1,1/ebus@1/eeprom@14,0
/pci@1f,0/pci@1,1/ebus@1/fdthree@14,3023f0
/pci@1f,0/pci@1,1/ebus@1/ecpp@14,3043bc
/pci@1f,0/pci@1,1/ebus@1/su@14,3062f8
/pci@1f,0/pci@1,1/ebus@1/su@14,3083f8
/pci@1f,0/pci@1,1/ebus@1/se@14,400000
/pci@1f,0/pci@1,1/ebus@1/power@14,724000
/pci@1f,0/pci@1,1/ebus@1/auxio@14,726000
ok


Boot Disk Device Path Example

The paths built in the device tree by the OpenBoot firmware will vary depending on the system type and its device configuration. Figure 12-5 shows a sample disk device path on an Ultra system with a PCI bus.

/pci@1f,0/pci@1,1/ide@3/dad@0,0

The figure labels the parts of this path, from left to right: Beginning of Device Path, Bus Devices and Controllers, Device Type (IDE Disk), IDE Address, Disk Number.

Figure 12-5 Disk Device Path - Ultra System With PCI Bus

Figure 12-6 shows a sample disk device path on an Ultra system with a PCI-SCSI bus.

/pci@1f,0/pci@1/isptwo@4/sd@3,0

The figure labels the parts of this path, from left to right: Beginning of Device Path, Bus Devices and Controllers, Device Type (SCSI Disk), Target Address, Disk Number.

Figure 12-6 Disk Device Path - Ultra System With PCI-SCSI Bus


Using probe- Commands to Identify Devices

To identify the peripheral devices, such as disks, tape drives, or CDROMs, currently connected to the system, use the OBP commands:

• probe-ide
• probe-scsi
• probe-scsi-all

Note - Use the probe-fcal OBP command to identify peripheral devices on systems containing the Fiber Channel Arbitrated Loop (FC-AL) Gigabit Interface Converters (GBICs).

Peripheral devices are connected to the System board by I/O (input/output) buses. You can configure Sun systems with a small computer system interface (SCSI) bus or integrated drive electronics (IDE) bus.

A probe- Warning Message

Warning - The following warning message is displayed if you invoke the probe- commands on Sun systems that contain a 3.x boot PROM.

Shutting down the Solaris operating system abruptly with the Stop-a sequence, or with the halt command, creates a condition where running the probe command hangs the system unless you run the reset-all command first.

When the Solaris Operating Environment has been running before the Stop-a key sequence, you must complete the following steps before using the probe- commands, because these commands can cause the system to freeze.


Note - If a probe- command causes a system to freeze, turn off the system and then turn it back on by toggling the power switch located on the back of the system unit.

1. At the ok prompt, set the NVRAM auto-boot? parameter to false.

ok setenv auto-boot? false

2. At the ok prompt, enter the reset command to clear all buffers and registers before entering any diagnostic commands.

ok reset

The probe-scsi Command

The probe-scsi command identifies the peripheral devices (disks, tape drives, or CDROMs) attached to the on-board SCSI controller by their target address. For example:

ok probe-scsi
Target 3
  Unit 0 Disk SEAGATE ST1480 SUN0424626600190016
Target 6
  Unit 0 Removable Read only device SONY CDROM

The probe-scsi-all Command

The probe-scsi-all command identifies the peripheral devices attached to the on-board SCSI controller and all peripheral devices attached to separate SBus or PCI SCSI controllers.

ok probe-scsi-all
/pci@1f,0/pci@1/pci@1/SUNW,isptwo@4
Target 3
  Unit 0 Disk FUJITSU MAB3045S SUN4.2G1907
Target 4
  Unit 0 Removable Tape EXABYTE EXB-8505SMBANSH20090


The probe-ide Command

The probe-ide command identifies the peripheral devices, currently only disks and CDROMs, attached to the on-board IDE controller. This command does not display target addresses, only device numbers. For example:

ok probe-ide
Device 0 ( Primary Master )
  ATA Model : ST 34342A
Device 1 ( Primary Slave )
  Not Present
Device 2 ( Secondary Master )
  Removable ATAPI Model : CRD-824.0B
Device 3 ( Secondary Slave )
  Not Present


Identifying the System's Boot Device

The system's boot device is set in the NVRAM as the boot-device parameter, which is by default set to disk.

ok printenv boot-device
boot-device = disk net

To identify the current boot device for the system, use the devalias command.

ok devalias
screen       /pci@1f,0/pci@1,1/SUNW,m64B@2
net          /pci@1f,0/pci@1,1/network@1,1
cdrom        /pci@1f,0/pci@1,1/ide@3/cdrom@2,0:f
disk         /pci@1f,0/pci@1,1/ide@3/disk@0,0
disk3        /pci@1f,0/pci@1,1/ide@3/disk@3,0
disk2        /pci@1f,0/pci@1,1/ide@3/disk@2,0
disk1        /pci@1f,0/pci@1,1/ide@3/disk@1,0
disk0        /pci@1f,0/pci@1,1/ide@3/disk@0,0
ide          /pci@1f,0/pci@1,1/ide@3
floppy       /pci@1f,0/pci@1,1/ebus@1/fdthree
ttyb         /pci@1f,0/pci@1,1/ebus@1/se:b
ttya         /pci@1f,0/pci@1,1/ebus@1/se:a
keyboard!    /pci@1f,0/pci@1,1/ebus@1/su@14,3083f8:forcemode
keyboard     /pci@1f,0/pci@1,1/ebus@1/su@14,3083f8
mouse        /pci@1f,0/pci@1,1/ebus@1/su@14,3062f8
name         aliases

Device alias names are listed on the left side of the command output, and the physical address of each device is shown on the right side of the output. Device aliases are hard-coded into the OBP firmware, and they are easier to remember and use than the physical device addresses. The disk device alias identifies the default boot device for the system. To boot the system from the default device simply type the boot command.

ok boot


Creating Custom Device Aliases

You can boot from an external device. External devices do not, by default, have built-in device aliases associated with them. A portion of the NVRAM called NVRAMRC contains registers to hold parameters and is also reserved for storing new device alias names. The NVRAMRC is affected by the commands nvalias, nvunalias, and nvedit, and by the parameter use-nvramrc?.

The nvalias and nvunalias Commands

To create a new device alias name to access the newly attached external device, use the command nvalias.

To create a custom device alias name:

ok nvalias alias-name device-path

The effect of nvalias is to store this entire command line in the NVRAMRC.

To remove a custom device alias name:

ok nvunalias alias-name

The effect of nvunalias is to delete the alias name from NVRAMRC.

Using nvalias to Create Custom Device Aliases

The following procedure shows how to add a new boot device alias, called mydisk, and boot the system from this new boot device alias.

Using show-disks, select the device path that relates to the disk to be used. Using nvalias, create a new device alias called mydisk.

ok show-disks
(select a disk from the list)
ok nvalias mydisk /pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/sd

To paste the device path for the selected disk on the command line, press Control-y.


Note - A shortcut provided with the show-disks command enables you to select a device and use the Control-y keys to copy the device path onto the command line.

Set the boot-device parameter to the new value of mydisk, and boot the system.

ok setenv boot-device mydisk
boot-device = mydisk
ok boot

Removing Custom Device Aliases

You use nvunalias to delete the alias name mydisk from NVRAMRC, and set the boot-device to disk.

ok nvunalias mydisk
ok setenv boot-device disk
boot-device = disk
ok reset
Resetting ....

The nvedit Command

On Sun systems with PROM versions 1.x and 2.x, the nvalias command might not be available to create custom device alias names. On these systems you use the nvedit command to edit the NVRAMRC directly. The nvedit editor is a simple line editor that has a set of editing commands and operates in a temporary buffer. The following is a sample nvedit session:

ok setenv use-nvramrc? true
use-nvramrc? = true
ok nvedit
0: devalias mydisk /pci@1f,0/pci@1,1/ide@3/disk@0,0
1: Control-c
ok nvstore
ok reset
Resetting .....
ok boot mydisk


You use the nvstore command, which is invoked after exiting nvedit, to make permanent changes to NVRAMRC. The following lists some basic nvedit commands:

• ^C - Exits the editor
• ^U - Deletes the current line
• Delete - Erases the previous character
• Return - Closes the current line, opens a new line
• ^B - Goes back one character
• ^F - Goes forward one character
• ^P - Goes back one line
• ^N - Goes forward one line


Changing NVRAM Parameters with the eeprom Command

You use the /usr/sbin/eeprom command to view and change the NVRAM parameters while the Solaris Operating Environment is running. You should be aware of the following guidelines when using the eeprom command:

• Only root can change the value of a parameter.
• Parameters with a trailing question mark must be enclosed in single quotes when executed in the C shell.
• All changes are permanent. There is no reset command to be run.

Examples

• To list all of the parameters with default and current values, type:

# eeprom

• To list a single parameter and its value, type:

# eeprom boot-device
boot-device=disk
#

• To change the value of the default boot device, type:

# eeprom boot-device=disk2
#

• To change the value of the auto-boot? parameter, type:

# eeprom auto-boot?=true
auto-boot?=true
#
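Because eeprom changes are permanent and take effect without a reset, it is worth comparing a host's name=value listing against an approved baseline. The script below is an added example, not part of the original training material; the sample listing is constructed, and the baseline values (including security-mode=command, where the printenv listing earlier shows none) are assumed site policy.

```shell
#!/bin/sh
# Added example: report NVRAM parameters that differ from an approved baseline.
# Input is the name=value listing printed by eeprom. Needs a POSIX awk
# (on Solaris use nawk or /usr/xpg4/bin/awk in place of awk).

# Constructed sample of an eeprom listing (not captured from a real host).
sample_eeprom() {
cat <<'EOF'
diag-switch?=false
security-password: data not available.
security-mode=none
use-nvramrc?=true
boot-device=disk2
auto-boot?=false
diag-level=max
EOF
}

# Assumed site baseline, one name=value pair per line. Adjust per host.
baseline() {
cat <<'EOF'
auto-boot?=true
boot-device=disk
use-nvramrc?=false
diag-switch?=false
security-mode=command
EOF
}

# nvram_get NAME: read an eeprom listing on stdin and print the value of
# NAME, or nothing if it is absent. Lines are split on the first "=" only,
# and names are compared as plain strings so the trailing "?" is never
# treated as a pattern character. Lines without "=" are ignored.
nvram_get() {
    awk -v want="$1" '
        { i = index($0, "=") }
        i > 0 && substr($0, 1, i - 1) == want { print substr($0, i + 1); exit }
    '
}

# nvram_drift: read an eeprom listing on stdin and print one DRIFT line for
# each baseline parameter whose current value differs or is missing.
nvram_drift() {
    current=$(cat)
    baseline | while IFS= read -r line; do
        name=${line%%=*}
        want=${line#*=}
        have=$(printf '%s\n' "$current" | nvram_get "$name")
        [ "$have" = "$want" ] ||
            printf 'DRIFT %s: expected "%s", found "%s"\n' "$name" "$want" "$have"
    done
}

# Demo on the constructed listing. On a live host, as root: eeprom | nvram_drift
sample_eeprom | nvram_drift
```

The parameters in the assumed baseline are the ones this chapter shows changing boot behavior: auto-boot?, boot-device, use-nvramrc?, and diag-switch?.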


Interrupting an Unresponsive System

When a system freezes, or stops responding to the keyboard, you must interrupt it. Interrupting the system stops the processor immediately and does not allow for memory to be flushed, or file systems to be synchronized. To interrupt an unresponsive system:

1. Attempt a remote login on the unresponsive system to locate and kill the offending process.
2. Attempt to reboot the user's system gracefully.
3. Hold down the Stop-a key sequence on the keyboard of the unresponsive system. The system is placed at the ok prompt.

Note - If an ASCII terminal is being used as the system console, use the Break sequence keys.

4. Manually synchronize the file systems using the OBP sync command.

ok sync

This command causes the system to create a crash dump of memory and then reboot the system.


CHAPTER – 5 ADDING USERS

Objectives

Upon completion of this module, you should be able to:

• Create and manage user accounts on the local system using the admintool utility
• Describe the format of the files /etc/passwd and /etc/shadow for securing login access
• Describe the format of the /etc/group file for maintaining shared and restricted access to files and directories
• Add, modify, and delete user accounts on the local system with the commands useradd, usermod, and userdel
• Add, modify, and delete group accounts for the local system with the commands groupadd, groupmod, and groupdel
• Define the two different types of shell initialization files
• Describe the shell startup activities during login for the three main Solaris Operating Environment shells
• List the shell initialization files used to set up a user's work environment at login
• Describe the purpose of the /etc/skel directory
• Modify initialization files to customize a user's work environment


Setting Up User Accounts

An important system administration task is setting up user accounts for each user requiring system access. Each user account consists of five main components:

• User name - A unique name a user enters to log in to a system, also called a login name.
• Password - A combination of six to eight letters, numbers, or special characters that a user must enter with the login name to gain access to a system.
• User's home directory - A directory the user is placed in after login, for creating and storing files.
• User's login shell - The user's work environment is set up by the initialization files defined by the user's login shell. There are six possible login shells in the Solaris Operating Environment, which include the Bourne shell, Korn shell, C shell, Z shell, BASH shell, and the TC shell.
• User initialization files - Shell scripts that determine how a user's work environment is to be set up when the user logs in to a system.


Managing User Accounts

You can add, modify, and delete user accounts on the system using either command-line tools or the graphical interface utility called admintool. However, before you can add user accounts to the system, you must determine the following information for each new user:

• Login name - Each user's name must be unique and consist of two to eight letters (A-Z, a-z) and numbers (0-9). The first character must be a letter, and at least one character must be a lowercase letter. User names cannot contain underscores or spaces.
• User identification (UID) number - The user's unique numerical ID for the system. UID numbers for regular users range from 100 to 60000. All UID numbers must be unique.

Note - As of the Solaris 2.6 Operating Environment, the maximum value for a UID is 2147483647. However, UIDs over 60000 do not have full functionality and are incompatible with some Solaris Operating Environment features. So avoid using UIDs over 60000 to be compatible with earlier versions of the operating system.

• Group identification (GID) number - The unique numerical ID of the group to which the user belongs. Each GID number must be an integer between 100 and 60000.

Note - You can add a user to predefined groups of users listed in the /etc/group file.

• Comment - Identifies the user. Generally contains the full name of the user and optional information such as a phone number or location.
• Home directory - Identifies the user's home directory pathname.
• Login shell - Identifies the user's login shell.
• Password aging - Optional.


Managing User Accounts with admintool

The administration utility, admintool, enables system administrators to maintain and modify local system files from the following categories:

• Users
• Groups
• Hosts
• Printers
• Serial ports
• Software

Note - You execute the admintool utility from the Common Desktop Environment (CDE) or Open Windows™ environment.

To set up and manage user accounts with admintool, log in as root and run the following command from a terminal window in a CDE environment.

# admintool &


Storing User and Group Account Information

The Solaris Operating Environment stores user account and group account information in the following system files:

• /etc/passwd
• /etc/shadow
• /etc/group

Authorized system users have login account entries in the /etc/passwd file. All passwords are encrypted and maintained in a separate shadow file named /etc/shadow. To further control user passwords, you can often enforce password aging, which is maintained in the /etc/shadow file. The /etc/group file defines the default system group accounts. You use this file to create new group accounts or modify existing group accounts on the system.


The /etc/passwd File

Due to the critical nature of the /etc/passwd file, you seldom, if ever, open this file to edit it directly. Instead, the file is maintained through the use of admintool, or the command-line tools: useradd, usermod, and userdel. The following is a sample /etc/passwd file, containing initial system account entries:

root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:UUCP Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:Nobody:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x Nobody:/:

Each line entry in this file contains the following seven fields separated by colons:

loginID:x:UID:GID:comment:home_directory:login_shell

‰

‰ ‰

loginID-Represents the user's login name. It should be UNIQUE. The field is a string of no more than eight characters consisting of numeric characters, period (.), underscore (_), and (-). The first character must be a letter, and it must contain at least one lowercase character Represents a placeholder for the user's encrypted password, which is kept in the /etc/shadow file. UID Contains the UID used by the system to identity the user. UID numbers for users range from 100 to 60000. Values 0 through 99 are reserved for system accounts UID 60001 is reserved for the nobody account UID 6002 is reserved for the noaccess account duplicate UIDs are allowed but should be avoided. If two users have the same UID, they have identical access to each users files


• GID - Contains the GID used by the system to identify the user's primary group. GID numbers for users range from 100 to 60000. (Those between 0 and 99 are reserved for system accounts.)

• comment - Contains the user's full name.

• home_directory - Contains the full pathname to the user's home directory.

• login_shell - Defines the user's login shell, which can be /bin/sh, /bin/ksh, /bin/csh, /bin/zsh, /bin/bash, or /bin/tcsh.

Default System Account Entries

Table 2-3 describes the default system account entries located in the /etc/passwd file.

Table 2-3 Default System Account Entries

User Name   User ID   Description
root        0         Superuser account. Has almost no restrictions and overrides all other logins, protections, and permissions; has access to the entire system.
daemon      1         System account that controls background processing.
bin         2         Administrative account that owns most of the commands.
sys         3         Administrative account that owns many system files.
adm         4         Administrative account that owns certain administrative files.
lp          71        Print service account that owns the object and spooled data files for the printer.
smtp        0         The smtp mailer uses the Simple Mail Transfer Protocol (SMTP) to transfer a message. SMTP is the standard mail protocol used on the Internet.
uucp        5         The uucp account that owns the object and spooled data files for the UNIX-to-UNIX copy program (UUCP).
nuucp       9         The uucp account used by remote systems to log in to the host and start file transfers.
listen      37        Network listener account.
nobody      60001     Anonymous user account, assigned by an NFS server when an unauthorized root user makes a request. The nobody user account is assigned to software processes that do not need any special permissions.
noaccess    60002     Account assigned to a user or a process that needs access to a system through some application without actually logging into the system.
nobody4     65534     SunOS™ 4.0 or 4.1 version of the nobody account.

1. The nobody account is used for securing NFS resources. When a user is logged in as root on an NFS client and attempts to access a remote file resource, the UID is changed from 0 to the UID of nobody (60001); nobody gets the same access permissions as those defined for everyone else.


The /etc/shadow File

Due to the critical nature of the /etc/shadow file, you should never edit it directly. Instead, you maintain the file's fields using admintool or the commands useradd, usermod, or passwd. The /etc/shadow file can be read only by a user with root permission. The following is an example of the /etc/shadow file containing its initial system account entries:

root:LXeoktCoMtwZN:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
smtp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
listen:*LK*:::::::
nobody:NP:6445::::::
noaccess:NP:6445::::::
nobody4:NP:6445::::::

Each line entry contains the following nine fields, separated by colons:

loginID:password:lastchg:min:max:warn:inactive:expire:

• loginID - Contains the user's login name.

• password - Contains a 13-character encrypted password, or the string *LK*, which indicates a locked account, or the string NP, which indicates no password.

• lastchg - Indicates the number of days between January 1, 1970, and the last password modification date.

• min - Contains the minimum number of days required between password changes.

• max - Contains the maximum number of days the password is valid before the user is prompted to enter a new password at login.

• warn - Contains the number of days the user is warned before the password expires.

• inactive - Contains the number of inactive days allowed for that user before the user's account is locked.

• expire - Contains the date when the user account expires. Once exceeded, the user can no longer log in.

The ninth field is reserved for future use, and is currently not used.
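The field rules described above for /etc/passwd and /etc/shadow can be checked mechanically. The following shell functions are an added example, not part of the original training material; the account data, the placeholder password strings, and the function names audit_passwd and shadow_report are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format data against the field
# rules described above. All account data below is constructed.

SAMPLE_PASSWD='root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
smtp:x:0:0:Mail Daemon User:/:
lister:x:1001:10:Lister:/export/home/lister:/bin/ksh
torey:x:1001:10:Torey:/export/home/torey:/bin/ksh
broken:x:1002:10:/export/home/broken:/bin/sh'

# The 13-character password strings are placeholders, not real hashes.
SAMPLE_SHADOW='root:0123456789abc:6445::::::
daemon:NP:6445::::::
listen:*LK*:::::::
lister::11000:7:90:14:::
torey:0123456789abc:11050:7:90:14:::
short:NP:6445'

# audit_passwd: read passwd-format lines on stdin. Report entries that do
# not have seven fields, and every UID shared by more than one login name
# (such logins have identical access to each other's files).
audit_passwd() {
    awk -F: '
        NF != 7 { printf "FIELDS %s: %d fields, expected 7\n", $1, NF; next }
        {
            if ($3 in names) names[$3] = names[$3] "," $1
            else             names[$3] = $1
            count[$3]++
        }
        END {
            for (uid in count)
                if (count[uid] > 1)
                    printf "DUPUID %s: %s\n", uid, names[uid]
        }' | LC_ALL=C sort
}

# shadow_report TODAY: read shadow-format lines on stdin. TODAY is the
# current date in days since January 1, 1970, the unit used by lastchg.
# Prints one line per entry: login state age over_max
#   state    locked (*LK*), no-password (NP), empty (blank field),
#            set (13-character string) or unexpected
#   age      days since the last password change, or - if lastchg is blank
#   over_max yes when age is greater than the max field
shadow_report() {
    awk -F: -v today="$1" '
        NF != 9 { printf "%s malformed - -\n", $1; next }
        {
            if ($2 == "*LK*")          state = "locked"
            else if ($2 == "NP")       state = "no-password"
            else if ($2 == "")         state = "empty"
            else if (length($2) == 13) state = "set"
            else                       state = "unexpected"

            age  = ($3 == "") ? "-" : today - $3
            over = ($3 != "" && $5 != "" && today - $3 > $5) ? "yes" : "no"
            printf "%s %s %s %s\n", $1, state, age, over
        }'
}

# Demonstration on the constructed data; 11100 is a constructed value for
# TODAY. Where date supports +%s, use: $(( $(date +%s) / 86400 ))
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | shadow_report 11100
```

On a live system the same functions can be fed the real files as root, for example audit_passwd < /etc/passwd.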


The /etc/group File

Each user must belong to a group, which is referred to as the user's primary group and is specified by the GID located in the user's account entry within the /etc/passwd file. Each user can also belong to up to 15 additional groups, known as secondary groups, which are specified in the /etc/group file only. The following is a sample of the default entries in an /etc/group file.

# cat /etc/group
root::0:root
other::1:
bin::2:root,bin,daemon
sys::3:root,bin,sys,adm
adm::4:root,adm,daemon
uucp::5:root,uucp
mail::6:root
tty::7:root,tty,adm
lp::8:root,lp,adm
nuucp::9:root,nuucp
staff::10:
daemon::12:root,daemon
sysadmin::14:lister,torey
nobody::60001:
noaccess::60002:
nogroup::65534:
#

Each line entry in the /etc/group file contains the following four fields, each separated by a colon character.

groupname:group-password:GID:username-list

• groupname - Contains the name assigned to the group. Group names can contain a maximum of eight characters.

• group-password - Contains an asterisk or is an empty field. This field is a relic of earlier versions of UNIX. There is no utility to set a password on a group. To place a password on a group, cut and paste an existing password from the /etc/shadow file into the /etc/group file entry.

Note - A group password is used by the newgrp command. This command is used to log a user into a new group. If that new group has a password, and the user is not a member of that group, the password has to be entered before newgrp will continue.

• GID - Contains the group's GID number. It must be unique on the local system and should be unique across the organization. Numbers 0 to 99, 60001, and 60002 are reserved for system group accounts. User-defined groups can range from 100 to 60000.

• username-list - Contains a comma-separated list of user names that represent the user's secondary group memberships. By default, each user can belong to a maximum of 15 secondary groups.


Creating and Managing Accounts from the Command Line

You can use the following command-line tools to add, modify, and delete user accounts and group accounts on the local system.

• useradd - Adds a new user account to the local system
• usermod - Modifies a user's account on the local system
• userdel - Deletes a user's account from the local system
• groupadd - Adds (creates) a new group account on the system
• groupmod - Modifies a group account on the system
• groupdel - Deletes a group account from the system


Creating User Accounts

You can add new user accounts on the local system using the useradd command. This command adds an entry for the new user into the /etc/passwd and /etc/shadow files. The useradd command also automatically copies all the initialization files in the /etc/skel directory to the user's new home directory.

Command Format

useradd [ -u uid ] [ -g gid ] [ -G gid [,gid,...] ] [ -d dir ] [ -m ] [ -s shell ] [ -c comment ] loginname

Options

You can use the following options with the useradd command:

• -u uid - Sets the unique UID for the new user.

• -g group - Specifies a predefined group's ID or name.

• -G group - Defines the new user's secondary group memberships.

• -d dir - Defines the full pathname for the user's home directory.

• -m - Creates the new home directory if it does not already exist.

• -s shell - Defines the full pathname for the shell program to be used as the user's login shell. If not defined, it defaults to /bin/sh.

• -c comment - Typically used to specify the user's full name and location.

• -o - Allows a UID to be duplicated.

• -e expire - Sets an expiration date on the user account. Specifies the date (mm/dd/yy) on which a user can no longer log in and access the account. The account is locked.

• -f inactive - Sets the number of inactive days allowed on a user account. If the account is not logged into during the specified number of days, it is locked.

• -k skel_dir - Specifies an alternative directory location containing customized initialization files to be copied into the user's home directory. (The default is /etc/skel.)

Adding a User with useradd

You can use the useradd command to create an account for a user named user1, assign the UID, add the user to the group other, create a home directory in /export/home, and set the login shell for the account.

# useradd -u 100 -g other -d /export/home/newuser1 -m -s /bin/ksh -c "Regular User Account" newuser1

By convention, a user's login name is also the user's home directory name.


Modifying User Accounts

You can use the usermod command to modify the components of an existing user account.

Command Format

usermod [ -u uid [ -o ] ] [ -g group ] [ -G group [,group...] ] [ -d dir [ -m ] ] [ -s shell ] [ -c comment ] [ -l newlogname ] [ -f inactive ] [ -e expire ] login

Options

In general, the options for the usermod command function the same as for the useradd command, with the exception of the following options:

• -l newlogname - Changes a user's login name for the specified user account.
• -m - Moves the user's home directory to the new location specified with the -d option.

Example

The following example changes the login name and home directory for user1 to guest1:

# usermod -d /export/home/guest1 -m -l guest1 newuser1


Deleting User Accounts

You can use the userdel command to delete a user's login account from the system. This command also removes the user's home directory and all of its contents, if requested to do so.

Command Format

userdel [ -r ] login

Options

You can use the following option with the userdel command:

• -r - Removes the user's home directory from the local file system. This directory must exist.

Examples

The following example removes the login account for user guest1:

# userdel guest1

To request that both the user's login account and home directory be removed from the system at the same time, execute the following:

# userdel -r guest1


Adding Group Accounts

As root, you can create new group accounts on the local system using the groupadd command. This command adds an entry for the new group into the /etc/group file.

Command Format

groupadd [ -g gid [ -o ] ] groupname

Options

You can use the following options with the groupadd command:

• -g gid - Assigns the group ID gid for the new group.
• -o - Allows the gid to be duplicated.

Example

The following groupadd command creates the new account class1 on the local system:

# groupadd -g 301 class1


Modifying Group Accounts

You can use the groupmod command to modify the definitions of the specified group by modifying the appropriate entry in the /etc/group file.

Command Format

groupmod [ -g gid [ -o ] ] [ -n name ] groupname

Options

You can use the following options with the groupmod command:

• -g gid - Specifies the new GID for the group.
• -o - Allows the GID to be duplicated.
• -n name - Specifies the new name for the group.

Example

The following example changes the class account group GID to 400:

# groupmod -g 400 class


Deleting Group Accounts

You can use the groupdel command to delete a group account from the system. It deletes the appropriate entry from the /etc/group file.

Command Format

groupdel groupname

Example

The following example removes the group account class1 from the local system.

# groupdel class1


Understanding Initialization Files

When users log in to the system, their login shells look for and execute two different types of initialization files. The first type controls the system-wide environment. The second type controls the user's environment.

System-Wide Initialization Files

You maintain the system initialization files to provide an environment for the entire community of users who log in to the system. These files are provided by the Solaris Operating Environment and reside in the /etc directory.

The two main system initialization files are called /etc/profile and /etc/.login. The Bourne and Korn login shells look for and execute the system initialization file /etc/profile during login. The C login shell looks for and executes the system initialization file /etc/.login during the login process.

Note - The default files /etc/profile and /etc/.login check disk usage quotas, print the message of the day from the /etc/motd file, and check for mail. None of the messages are printed to the screen if the file .hushlogin exists in the user's home directory.

User Initialization Files

You set up the user's initialization files and place them in each user's home directory. The primary job of a user initialization file is to define the characteristics of a user's work environment, such as the user's search path, environment variables, and windowing environment. The owner(s) of the file(s) or root can change or customize the content of these files.


Table 2-4 defines the initialization files for the six possible shells in the Solaris Operating Environment.

Table 2-4 Initialization Files for the Six Shells

Bourne shell (shell pathname /bin/sh)
  System-wide initialization files: /etc/profile
  User initialization files read at login: $HOME/.profile

Korn shell (shell pathname /bin/ksh)
  System-wide initialization files: /etc/profile
  User initialization files read at login: $HOME/.profile, $HOME/.kshrc
  User initialization files read when a new shell is started after login: $HOME/.kshrc

C shell (shell pathname /bin/csh)
  System-wide initialization files: /etc/.login
  User initialization files read at login: $HOME/.cshrc

Z shell (shell pathname /bin/zsh)
  System-wide initialization files: /etc/zshenv, /etc/zprofile, /etc/zshrc, /etc/zlogin
  User initialization files read at login: $HOME/.zshenv, $HOME/.zprofile, $HOME/.zlogin
  User initialization files read when a new shell is started after login: $HOME/.zshrc

BASH shell (shell pathname /bin/bash)
  System-wide initialization files: /etc/profile
  User initialization files read at login: $HOME/.bash_profile, $HOME/.bashrc, $HOME/.bash_login, $HOME/.profile

TC shell (shell pathname /bin/tcsh)
  System-wide initialization files: /etc/csh.cshrc, /etc/csh.login
  User initialization files read at login: $HOME/.tcshrc or $HOME/.cshrc

Note - The root user's login shell by default is the Bourne shell, and root's shell entry in the /etc/passwd file appears as /sbin/sh.

When a user logs in to the system, the user's login shell is invoked. The shell program looks for its initialization files in a specific order, executes the commands contained in each file, and when finished, displays the shell prompt on the user's screen.


Customizing the Work Environment

The shells all provide basic features and a set of variables that determine what root or a regular user can do when customizing user initialization files for each shell.

Shell Variables

The environment maintained by the shell includes variables that are defined by the login program, the system initialization file, and the user initialization files.

The shells support two types of variables:

• Environment variables - Every shell program started receives its information about the user's environment from these variables.

• Local variables - These affect only the current shell. Any subshell started would not have knowledge of these variables.

Table 2-5 lists some of the variables available for customizing a user's shell environment.

Table 2-5 Shell Variables

Variable Name   Set By               Description
LOGNAME         Set by login         Defines the user's login name.
HOME            Set by login         Sets the path to the user's home directory. Default argument for cd.
SHELL           Set by login         Sets the path to the default shell.
PATH            Set by login         Sets the default path the shell searches to find commands.
MAIL            Set by login         Sets file path to the user's mailbox.
TERM            Not set by default   Defines the terminal.
LPDEST          Not set by default   Sets the user's default printer.
PWD             Set by shell         Defines the current working directory.
PS1             Set by shell         Defines the shell prompt for the Bourne or Korn shell.
prompt          Set by shell         Defines the shell prompt for the C shell.

Note - For complete information on all variables used by the default shells, see the following man pages: sh(1), ksh(1), csh(1), zsh(1), bash(1), and tcsh(1).

Setting Environment Variables in User Initialization Files

A user can change the values of the predefined variables and specify additional variables. Table 2-6 demonstrates how to set environment variables in user initialization files.

Table 2-6 Setting Environment Variables

Shell                  User's Initialization File
Bourne or Korn Shell   VARIABLE=value ; export VARIABLE
                       For example: PS1="$HOSTNAME $ " ; export PS1
C Shell                setenv variable value
                       For example


Using the Initialization File Templates

The Solaris Operating Environment provides you with a set of initialization file templates. The initialization file templates are located in the /etc/skel directory and are defined in Table 2-7.

Table 2-7 Default User Initialization Files

Shell    Initialization File Templates                   User's Initialization Files
Bourne   /etc/skel/local.profile                         $HOME/.profile
Korn     /etc/skel/local.profile                         $HOME/.profile
C        /etc/skel/local.login, /etc/skel/local.cshrc    $HOME/.login, $HOME/.cshrc

The root user can customize these templates to create a standard set of user initialization files to provide a common work environment for each user. Users can then edit their initialization files to further customize their environments for each shell. When new user accounts are created by root, these initialization files are automatically copied to each new user's home directory.


CHAPTER - 6

DEVICE CONFIGURATION

Objectives

Upon completion of this module, you should be able to:

• Describe the disk components: sectors, tracks, and cylinders
• Define the term disk slice
• Identify a disk device by its logical device name, physical device name, and instance name
• Describe the purpose of the /etc/path_to_inst file
• List a system's device configuration information using the prtconf command
• Display the system's current disk configuration using the format command
• Show how to invoke a reconfiguration boot after adding a peripheral device to the system
• Describe how devices are reconfigured using the devfsadm command


Basic Architecture of a Disk

The following sections describe the architecture of a disk.

Physical Disk Structure

A disk is physically composed of a series of flat, magnetically coated platters stacked on a spindle. The spindle turns while the read/write heads move between platters, in unison, radially reading and writing data on the platters.

Figure 5-1 Components of a Disk

The following describes the components of a disk:

• One or more platters.
• Platters rotate around the spindle.
• Head actuator arm moves the read/write heads as a unit above and below each platter.


Components of a Disk Platter

A disk is divided into the following components: sectors, tracks, and cylinders.

• Sector - The smallest addressable unit on a platter. One sector can hold 512 bytes of data. Sectors are also known as disk blocks.
• Track - A series of sectors positioned end-to-end in a circular path.
• Cylinder - A stack of tracks.

Figure 5-2 Components of a Disk Platter

Note - The number of sectors per track varies with the radius of a track on the platter. The outermost tracks are larger and can hold more sectors than the inner tracks. Because a disk spins continuously and the read/write heads move as a single unit, the most efficient seeking occurs when the sectors to be read or written to are located in a single cylinder.


Defining Disk Slices

Disks can be divided into individual partitions, known as slices. Slices are groupings of cylinders commonly used to organize data by function.

For example, you can store critical system files and programs in one slice, while you can store user-created files in another slice on the same disk.

Note - By grouping cylinders in this way, the amount of movement required by the read/write heads to access a file is reduced, which improves disk I/O performance.

A disk under SunOS can be divided into eight slices, labeled slice 0 through slice 7. By convention, slice 2 is used to represent the entire disk. It records items, such as the size of the actual disk, and the total number of cylinders available for the storage of files and directories.


The Boot Disk

The slices shown in Figure 5-3 are a possible configuration convention for logically organizing data that is to be stored on the boot disk. Not all slices have to be defined on a disk.

Figure 5-3 Disk Slices on a Single Disk System

Table 5-1 identifies the disk slices.

Table 5-1 Disk Slices

Slice   Name           Function
0       /              root's system files
1       swap           Swap area
2                      Entire disk
5       /opt           Optional software
6       /usr           System executables and programs
7       /export/home   User files and directories

Figure 5-4 illustrates how the above slices reside on the disk. Each slice is defined by a starting cylinder and an ending cylinder. These cylinder boundaries determine the size of a slice.


Disk Slice Naming Convention

The full name of a slice is represented by an eight-character string which includes the controller number, the target number, the disk number, and the slice number.

• Controller number - Identifies the host bus adapter, which controls communications between the system and disk unit. It takes care of moving disk heads, data transfer, and location of data on the device. The controller number is assigned in sequential order, such as c0, c1, c2, and so on.

• Target number - Target numbers such as t0, t1, t2, and t3 correspond to a unique address switch setting that is selected for each disk, tape, or CD-ROM. An external disk drive has an address switch, located on the rear panel. An internal disk has address pins which are jumpered to assign its target number.

• Disk number - The disk number is also known as the logical unit number (LUN). This number reflects the number of disks at the target location. The disk number is always set to d0 with embedded SCSI disks.

• Slice number - A slice number ranging from 0 to 7.

c#t#d#s#

c# - Controller number
t# - Target number
d# - Disk number (Logical Unit Number, LUN)
s# - Slice number


Device Naming Conventions

In the Solaris Operating Environment, all devices have three different types of names, depending on how the device is being referenced.

• Logical device names
• Physical device names
• Instance names

Note - BSD device names also exist in the Solaris Operating Environment if the BSD compatibility packages are installed with either the Developer, Entire Distribution, or Entire Distribution plus OEM Solaris Software Group. The BSD device names are typically used for backwards compatibility with old scripts (for example, /dev/sd0a).

Logical Device Names

You, and in some cases regular users, use logical device names primarily to refer to a device on the command line. All logical device names are kept in the /dev directory. Logical device names are symbolic links to the physical device names kept in the /devices directory. The logical disk device names contain the controller number, target number, disk number, and slice number.

Every disk device has an entry in both the /dev/dsk and /dev/rdsk directories, for the block and character (raw) disk devices respectively. For example:

# ls /dev/dsk


• c0t0d0s0 through c0t0d0s7 - Identifies the device names for disk slices 0 through 7, for a disk that is attached to controller 0, at target 0, on disk unit 0.

• c0t3d0s0 through c0t3d0s7 - Identifies the device names for disk slices 0 through 7, for a disk that is attached to controller 0, at target 3, on disk unit 0.

• c0t6d0s0 through c0t6d0s7 - Identifies the device names for disk slices 0 through 7. Normally, CD-ROM devices are treated the same as disks. This indicates a device on controller 0, at target 6, and disk unit 0.

Physical Device Names

Physical device names uniquely identify the physical location of the hardware devices on the system, and are maintained in the /devices directory.

Note - Various hardware platforms have different device trees.

A physical device name uniquely identifies the location of the device. It contains the hardware information, represented as a series of node names, separated by slashes, to indicate the path to the device that reflects hardware connectivity. For example:

# ls -l /dev/dsk/c0t0d0s0
lrwxrwxrwx 1 root root 46 Jun 16 19:07 /dev/dsk/c0t0d0s0 -> ../../devices/pci@1f,0/pci@1,1/ide@3/dad@0,0:a


For example, an Ultra 5 system has the device configuration tree structure shown in Figure 5-8 (not all possible devices are included).

Figure 5-8 The /devices Directory Structure

The top-most directory in the hierarchy is called the root node of the device tree. An object below the root node has a device driver associated with it, which is called a leaf, or bus nexus node.

Note - A device driver is the software that communicates with the device. This software must be available to the kernel to use the device.

The kernel identifies the physical location of a device by associating a node with an address, nodename@address, which is called the physical device name, for example, dad@0.


Instance Names

Instance names are abbreviated names assigned by the kernel for each device on the system.

An instance name is simply a shortened name for the physical device name. Two examples are shown below:

• sdn - where sd is the disk name and n is the disk number, such as sd0, for the first SCSI (small computer system interface) disk device.

• dadn - where dad (direct access device) is the disk name and n is the disk number, such as dad0, for the first IDE (integrated drive electronics) disk device.


Listing a System's Devices

The following sections describe how to list a system's devices.

The /etc/path_to_inst File

In the Solaris Operating Environment, the system records, for each device, its instance name and number along with its physical name in the /etc/path_to_inst file. These names are used by the kernel to identify every possible device. This file is read only at boot time.

Note - The device instance number, shown in bold below, appears to the right of the device instance name when recorded in this file.

The /etc/path_to_inst file is maintained by the kernel, and it is generally not necessary, nor is it advisable, for the system administrator to ever change this file.

# more /etc/path_to_inst
#
#       Caution! This file contains critical kernel state
#
"/pci@1f,0" 0 "pci"
"/pci@1f,0/pci@1,1/ide@3/sd@2,0" 2 "sd"                        (CD-ROM)
"/pci@1f,0/pci@1,1/ide@3/dad@0,0" 0 "dad"                      (disk)
"/pci@1f,0/pci@1,1/ebus@1" 0 "ebus"                            (extended bus)
"/pci@1f,0/pci@1,1/ebus@1/fdthree@14,3023f0" 0 "fd"            (floppy disk)
"/pci@1f,0/pci@1,1/ebus@1/su@14,3062f8" 1 "su"                 (mouse)
"/pci@1f,0/pci@1,1/ebus@1/se@14,400000" 0 "se"                 (serial ports A and B)
"/pci@1f,0/pci@1,1/ebus@1/su@14,3083f8" 0 "su"                 (keyboard)
"/pci@1f,0/pci@1,1/ebus@1/ecpp@14,3043bc" 0 "ecpp"             (extended capability parallel port)
"/pci@1f,0/pci@1,1/ebus@1/SUNW,CS4231@14,200000" 0 "audiocs"   (crystal semiconductor)
"/pci@1f,0/pci@1,1/ebus@1/power@14,724000" 0 "power"           (power management bus)
"/pci@1f,0/pci@1,1/network@1,1" 0 "hme"                        (Fast Ethernet)


Note — Different systems have different physical device paths. This example shows an onboard peripheral component interconnect (PCI) bus configuration.

Sample /etc/path_to_inst File

The following is a path_to_inst file from a system that has a different bus architecture. In this case, it is an example of a system that has an onboard Sun system bus (SBus).

# more /etc/path_to_inst
#
#       Caution! This file contains critical kernel state
#
"/sbus@1f,0" 0 "sbus"
"/sbus@1f,0/espdma@e,8400000" 0 "dma"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000" 0 "esp"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@3,0" 3 "sd"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@2,0" 2 "sd"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@1,0" 1 "sd"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0" 0 "sd"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@6,0" 6 "sd"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@5,0" 5 "sd"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@4,0" 4 "sd"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@3,0" 3 "st"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@2,0" 2 "st"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@1,0" 1 "st"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@2,0" 2 "st"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@3,0" 3 "st"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@4,0" 4 "st"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@5,0" 5 "st"
"/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@4,0" 4 "st"
....< remaining lines removed >....
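The three kinds of device name described above (logical c#t#d#s# names, physical paths under /devices, and instance names recorded in /etc/path_to_inst) can be related to each other with a few shell functions. This is an added example, not part of the original training material; the function names decode_slice, instance_names, and instance_for_link are hypothetical, and the path_to_inst lines are a constructed sample in the format shown above.

```shell
#!/bin/sh
# Added example: relate logical, physical and instance device names.
# The path_to_inst lines below are a constructed sample.

SAMPLE_PATH_TO_INST='#
#       Caution! This file contains critical kernel state
#
"/pci@1f,0" 0 "pci"
"/pci@1f,0/pci@1,1/ide@3/sd@2,0" 2 "sd"
"/pci@1f,0/pci@1,1/ide@3/dad@0,0" 0 "dad"
"/pci@1f,0/pci@1,1/network@1,1" 0 "hme"'

# decode_slice NAME: split a c#t#d#s# name into its four numbers.
# Prints nothing and returns non-zero when NAME does not follow the
# convention (for example a slice number outside 0 through 7).
decode_slice() {
    printf '%s\n' "$1" |
        sed -n 's/^c\([0-9][0-9]*\)t\([0-9][0-9]*\)d\([0-9][0-9]*\)s\([0-7]\)$/controller=\1 target=\2 disk=\3 slice=\4/p' |
        grep .
}

# instance_names: read path_to_inst lines on stdin and print
# "<instance name> <physical path>" for each entry. The instance name is
# the driver name followed by the instance number, for example dad0.
instance_names() {
    awk '
        /^#/ || NF < 3 { next }
        {
            path = $1; inst = $2; drv = $3
            gsub(/"/, "", path)
            gsub(/"/, "", drv)
            print drv inst, path
        }'
}

# instance_for_link TARGET: TARGET is the symbolic-link target of a
# /dev/dsk entry as printed by ls -l. The ../../devices prefix and the
# :minor suffix are stripped, and the remaining physical path is looked
# up in the path_to_inst data read from stdin.
instance_for_link() {
    phys=$(printf '%s\n' "$1" |
        sed -e 's|^\.\./\.\./devices||' -e 's|:[^:/]*$||')
    instance_names |
        awk -v p="$phys" '$2 == p { print $1; found = 1 } END { exit !found }'
}

# Demonstration on the constructed data.
decode_slice c0t3d0s5
printf '%s\n' "$SAMPLE_PATH_TO_INST" | instance_names
printf '%s\n' "$SAMPLE_PATH_TO_INST" |
    instance_for_link '../../devices/pci@1f,0/pci@1,1/ide@3/dad@0,0:a'
```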

The prtconf Command

You use the prtconf command to display the system's configuration information, including the total amount of memory installed and the configuration of system peripherals formatted as a device tree.

The prtconf command lists all instances of devices, whether the device is attached or not attached to the system.


To view only a list of attached devices on the system, execute the following command.

# prtconf | grep -v not
System Configuration: Sun Microsystems sun4u
Memory size: 64 Megabytes
System Peripherals (Software Nodes):
SUNW,Ultra-5_10
options, instance #0
pci, instance #0
pci, instance #0
ebus, instance #0
power, instance #0
se, instance #0
su, instance #0
su, instance #1
fdthree, instance #0
network, instance #0
SUNW,m64B, instance #0
ide, instance #0
dad, instance #0
sd, instance #2
pci, instance #1
pseudo, instance #0

Note - The command grep -v not is used to omit all lines containing the word "not" from the output.


The format Command

You use the format command to display both logical and physical device names for all currently available disks. For example:

# format
Searching for disks...done

AVAILABLE DISK SELECTIONS:
       0. c0t0d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
          /pci@1f,0/pci@1,1/ide@e/dad@0,0
       1. c1t3d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
          /pci@1f,0/pci@1/isptwo@4/sd@3,0
Specify disk (enter its number):

Note - Press Control-d to exit the format command.


Reconfiguring Devices

The system recognizes a newly added peripheral device if a reconfiguration boot is invoked. This particular boot process adds the new device to a newly generated device tree and to the /dev and /devices directories.

The following steps reconfigure a system to recognize a newly attached disk.

1. Create the /reconfigure file. This file causes the system to check for the presence of any newly installed devices the next time it is powered on or booted.

   # touch /reconfigure

2. Shut down the system. This command brings the system to an appropriate state for turning the system power off to safely allow for adding or removing devices.

   # init 5

3. Turn off the power to all external devices.

4. Install the peripheral device, making sure the device being added has no conflicting address with other devices on the system.

5. Turn on the power to all external devices.

6. Turn on the power to the system. The system boots to the login screen.

7. Verify that the peripheral device has been added by issuing one of the following commands: prtconf or format.

Once the disk is recognized by the system, you can begin the process of defining disk slices.

Note - If the /reconfigure file was not created before the system was shut down, you can invoke a manual reconfiguration boot with the PROM level command: boot -r


Configuring the Solaris Operating Environment Devices

Before the Solaris Operating Environment release, you used the drvconfig command to configure devices. This command managed the physical device entries in the /devices directory. The commands disks, tapes, devlinks, and ports manage the logical device entries in the /dev directory.

Note - The ports command creates /dev entries for serial lines.

Now, both the reconfiguration boot process and the updating of the /dev and /devices directories for dynamic reconfiguration events are handled by the devfsadm command.

For compatibility purposes, drvconfig and the other commands are symbolic links to devfsadm.

The devfsadm command attempts to load every driver in the system and attach to all possible device instances. It then creates the device files in the /devices directory and the logical links in the /dev directory. In addition to managing these directories, devfsadm also maintains the /etc/path_to_inst file.

devfsadm Options

To restrict the use of the devfsadm command to a specific device class, use the -c option.

# devfsadm -c device_class

Where the values for device_class include: disk, tape, port, video, and pseudo. For example:

# devfsadm -c disk


You can use the -c option more than once on the command line to specify multiple device classes. For example:

# devfsadm -c disk -c tape -c audio

To restrict the use of the devfsadm command to configure only devices for a named driver, use the -i option. For example:

# devfsadm -i driver_name

Some examples of using the -i option include:

• To configure only those disks supported by the dad driver:
  # devfsadm -i dad
• To configure only those disks supported by the sd driver:
  # devfsadm -i sd
• To configure devices supported by the st driver:
  # devfsadm -i st


Configuring a Device Before the Solaris Operating Environment

You can also use the drvconfig command to reconfigure the system to recognize new devices without rebooting.

By default, this command configures the /devices directory with the physical device name(s) of the newly attached device(s) and updates the /etc/path_to_inst file.

Adding a New Disk or Tape Drive

Commonly, the types of peripheral devices added to a workstation are disks and tape drives.

• When adding a new disk, you must issue the disks command to create the /dev entries for the newly attached disk(s).
• When adding a tape drive, you must issue the tapes command to create the /dev entries for the newly attached tape drive(s).

Note - If adding miscellaneous devices or pseudo-devices, you use the devlinks command to add /dev entries for the new devices.

Adding a New Disk Device

The following steps illustrate how to add a new disk device:

1. Invoke the drvconfig command.

   # drvconfig -i dad
   or
   # drvconfig -i sd

2. Invoke the disks command.

   # disks

This command creates symbolic links in the /dev/dsk and /dev/rdsk directories pointing to the actual disk device files located in the /devices directory.

Adding a New Tape Drive

The following steps illustrate how to add a new tape drive:

1. Invoke the drvconfig command.

   # drvconfig -i st

2. Invoke the tapes command.

   # tapes

This command creates symbolic links in the /dev/rmt directory to the actual tape device files located in the /devices directory.


CHAPTER – 7

DISKS, SLICES, AND FORMAT

Objectives

Upon completion of this module, you should be able to:

• Explain the term disk slice
• Describe and create a disk label
• Define and modify a partition table using the format utility
• Describe the purpose of the /etc/format.dat file
• Use the format utility to save and retrieve customized partition tables
• Demonstrate how to view the disk's VTOC using two different commands: verify and prtvtoc
• Use the fmthard command to update the VTOC on a disk


Disk Slices and the format Utility

The format utility is a system administration tool used primarily to prepare hard disk drives for use in the Solaris Operating Environment. Though you can use the format utility to perform a variety of disk management activities, the main reason you use the format utility is to divide a disk into disk slices.

Note - The Solaris Operating Environment installation program also divides disks into disk slices as part of installing the Solaris Operating Environment release.

To divide a disk into slices, the system administrator will need to:

• Identify the correct disk
• Plan the layout of the disk
• Use the format utility to divide the disk into slices
• Label the disk with new slice information

Only the root user can use the format utility. If format is run by a regular user, the following error message is displayed:

$ format
Searching for disks...done
No permission (or no disk found)


Disk Labels and Partition Tables

Every disk in the Solaris Operating Environment has a special area set aside for storing information about the disk's controller, geometry, and slices.

This information is called the disk's label. Another term used to describe a disk label is the volume table of contents (VTOC). The disk's label, or VTOC, is stored on the first sector of the disk.

To label a disk means to write slice information onto the disk. If the system administrator fails to label a disk after defining slices, the slice information is lost. An important part of the disk label is the partition table, which identifies a disk's slices, the slice boundaries (in cylinders), and the total size of the slices.

Note - The terms disk slice and disk partition are interchangeable.


Disk Partition Table

A disk's partition table can be displayed using the format utility.

Figure 6-1 A Partitioned Disk

The partition table primarily defines partition boundaries and the number of cylinders in a partition. For example:

Current partition table (original):
Total disk cylinders available 8892 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders        Size            Blocks
  0       root    wm       0 - 2520        1.14GB    (2521/0/0) 2382345
  1       swap    wu    2521 - 2840      147.66MB    (320/0/0)   302400
  2     backup    wm       0 - 8892        4.01GB    (8892/0/0) 8402940
  3 unassigned    wm       0               0         (0/0/0)          0
  4 unassigned    wm       0               0         (0/0/0)          0
  5 unassigned    wm       0               0         (0/0/0)          0
  6        usr    wm    2841 - 8892        2.73GB    (6051/0/0) 5718195
  7 unassigned    wm       0               0         (0/0/0)          0

Partition boundaries must begin and end with entire cylinders.


Table 6-1 describes the fields contained in a disk's partition table.

Table 6-1 Partition Table Terms and Usage

Field       Description

Part        Slice number. Valid slice numbers include 0 through 7.

Tag         A value used to indicate how the slice is being used.
            0 = unassigned
            1 = boot
            2 = root
            3 = swap
            4 = usr
            5 = backup
            6 = stand
            7 = var
            8 = home
            9 = alternates

Flag        wm - disk slice is writable and mountable.
            wu - disk slice is writable and unmountable. This is the default state of slices dedicated to swap areas.
            rm - disk slice is read only and mountable.
            ru - disk slice is read only and unmountable.

Cylinders   The starting and ending cylinder number for the disk slice.

Size        The slice size: Mbytes (mb), Gbytes (gb), Blocks (b), or Cylinders (c).

Blocks      The total number of cylinders and the total number of sectors per slice.

Note - Partition tags and flags are assigned by convention. They are ignored by the SunOS and require no maintenance.


Defining Disk Slices

Disk slices are defined by an offset and a size in cylinders. The offset is the distance from cylinder 0. For example:

Figure 6-2 Offsets and Sizes for Disk Partitions

Slice 0: offset 0, size 2521 cylinders
Slice 1: offset 2521, size 320 cylinders
Slice 6: offset 2841, size 6051 cylinders
Slice 2: overlaps the entire disk

The offset for slice 0 is 0 cylinders and its size is 2521 cylinders. Slice 0 begins on cylinder 0 and ends on cylinder 2520. The offset for slice 1 is 2521 cylinders and its size is 320 cylinders. Slice 1 begins on cylinder 2521 and ends on cylinder 2840. The offset for slice 6 is 2841 cylinders and its size is 6051 cylinders. Slice 6 begins on cylinder 2841 and ends on the last available cylinder 8892.


Defining Disk Partitions

The following sections describe conditions that can occur when you are defining disk partitions.

Undesirable Conditions

When creating or changing disk slices, two types of undesirable conditions can occur: wasted disk space and overlapping disk space.

Wasted Disk Space

Wasted disk space occurs when one or more cylinders are not allocated to a disk slice.

Figure 6-3 Disk Slice With Wasted Space

Slice 0 (offset 0, size 2521 cyl), slice 1 (offset 2521, size 320 cyl)
Slice 0 (offset 0, size 2500 cyl), wasted space, slice 1 (offset 2521, size 320 cyl)

The wasted disk space condition can occur when you decrease the size of one slice, and do not adjust the starting cylinder number of the next disk slice. (In the example above, cylinders 2501 through 2520 are unusable.)

Overlapping Disk Slices

Overlapping disk slices occur when one or more cylinders are allocated to more than one disk slice.

Figure 6-4 Disk Slices With Overlapping Cylinders

Slice 0 (offset 0, size 2521 cyl), slice 1 (offset 2521, size 320 cyl)
Slice 0 (offset 0, size 2590 cyl), slice 1 (offset 2521, size 320 cyl)

This type of condition can occur when you increase the size of one slice and do not adjust the starting cylinder number of the next disk slice. In the example above, cylinders 2521 through 2590 are overlapping two disk slices. The format utility does not warn you of overlapping disk slices.

Warning - Do not change the size of disk slices that are currently in use.

Caution - When a disk with existing slices is repartitioned and relabeled, any existing data will be inaccessible. Existing data must be copied to backup media before the disk is repartitioned and restored after the disk is relabeled.


Locations of Disk Partition Tables

As a root user, when you select a disk to be partitioned using the format utility, a copy of the disk's partition table is read into memory and is the current disk label.

The format utility also works with a file called /etc/format.dat, which is read when you invoke the format utility. The format.dat file is a table of available disk types and a set of predefined partition tables that you can use to partition a disk quickly.

Figure 6-5 Partition Table Locations (on disk: the disk VTOC; in memory: the current partition table; /etc/format.dat: predefined partition tables)

You can select a predefined partition table from /etc/format.dat to be read in as the disk's current label by using the following commands within the format utility.

• select - Selects a predefined partition table from the list of tables stored in /etc/format.dat.
• print - Displays the selected partition table.
• label - Writes the selected partition table to the disk's label.
• verify - Locates the disk's label and displays the new information.

You can also save a modified partition table to the /etc/format.dat file for later use on other disks by using the following commands within the format utility.

• disk - Selects a disk
• name - Creates a name for the modified partition table
• save - Saves the named table to /etc/format.dat for future use

The format utility, by default, saves disk labels


Disk Partitioning

The following steps describe how to divide a disk into slices:

1. As root, type format at the prompt and press Return.

   # format
   Searching for disks...done

   AVAILABLE DISK SELECTIONS:
          0. c0t0d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
             /pci@1f,4000/pci@1,1/ide@3/dad@0,0
          1. c1t3d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
             /pci@1f,4000/pci@1/isptwo@4/sd@3,0
   Specify disk (enter its number): 1

   The format utility searches for all attached disks. For each disk found, format displays its logical device name, hardware name, physical parameters, and physical device name.

2. Choose the second disk by selecting the number located to the left of that disk's logical device name (for example, 1). The format utility's main menu is displayed.

   selecting c1t3d0
   [disk formatted]

   FORMAT MENU:
           disk       - select a disk
           type       - select (define) a disk type
           partition  - select (define) a partition table
           current    - describe the current disk
           format     - format and analyze the disk
           repair     - repair a defective sector
           show       - translate a disk address
           label      - write label to the disk
           analyze    - surface analysis
           defect     - defect list management
           backup     - search for backup tables
           verify     - read and display tables
           save       - save new disk/partition definitions
           volname    - set 8 character volume name

   The specific menu selections that are used to divide a disk into slices are:

   partition - Displays the partition menu
   label - Writes the current partition definition to the disk label
   verify - Reads and displays the disk label
   quit - Exits the format utility

3. Type partition at the format prompt.

           0      - change '0' partition
           1      - change '1' partition
           2      - change '2' partition
           3      - change '3' partition
           4      - change '4' partition
           5      - change '5' partition
           6      - change '6' partition
           7      - change '7' partition
           select - select a predefined table
           modify - modify a predefined partition table
           name   - name the current table
           print  - display the current table
           label  - write partition map and label to the disk
           !<cmd> - execute <cmd>, then return

   The partition menu is displayed. This menu enables you to perform the following functions:

   0-7 - Specifies the offset and size of up to eight partitions
   select - Chooses a predefined partition table from format.dat
   modify - Changes a predefined partition table
   name - Identifies the current partition table
   print - Displays the current partition table
   label - Writes the current partition table to the disk label


4. Type print at the partition prompt to display the disk label that was copied to RAM when the format utility was started.

   Current partition table (original):
   Total disk cylinders available: 2036 + 2 (reserved cylinders)

   Part      Tag    Flag     Cylinders        Size            Blocks
     0       root    wm       0 - 2520        1.14GB    (2521/0/0) 2382345
     1       swap    wu    2521 - 2840      147.66MB    (320/0/0)   302400
     2     backup    wm       0 - 8892        4.01GB    (8892/0/0) 8402940
     3 unassigned    wm       0               0         (0/0/0)          0
     4 unassigned    wm       0               0         (0/0/0)          0
     5 unassigned    wm       0               0         (0/0/0)          0
     6        usr    wm    2841 - 8892        2.73GB    (6051/0/0) 5718195
     7 unassigned    wm       0               0         (0/0/0)          0

The name of the partition table is displayed in parentheses in the first line of the table. The columns of the table have the following meanings:

• Part - The disk slice number
• Tag - The predefined, optional tag
• Flag - The predefined, optional flag
• Cylinders - The starting and ending cylinder number for the slice
• Size - The slice size (Mbytes, Gbytes, Blocks, or Cylinders)
• Blocks - The total number of cylinders and the total number of sectors per slice

5. Type 0 (zero) to select slice 0.

   partition> 0
   Part      Tag    Flag     Cylinders        Size            Blocks
     0       root    wm       0 - 1830      901.20MB         1845640

   Enter partition id tag[root]: <press Return>
   Enter partition permission flags[wm]: <press Return>
   Enter new starting cyl[0]: <press Return>
   Enter partition size[1845648b, 1831c, 901.20mb]: 400mb

6. When prompted for the ID tag, enter a question mark (?) and press Return to list the available choices. A tag can be changed by typing a new tag name.

   Enter partition id tag[root]: ?
   Expecting one of the following: (abbreviations ok):
           unassigned    boot          root          swap
           usr           backup        stand         var
           home          alternates
   Enter partition id tag[root]:

7. Press the Return key to accept the default tag.

8. When prompted for the permission flags, enter a question mark (?) and press Return to list the available choices. A flag can be changed by typing the new flag name.

   Enter partition permission flags[wm]: ?
   Expecting one of the following: (abbreviations ok):
           wm    - read-write, mountable
           wu    - read-write, unmountable
           rm    - read only, mountable
           ru    - read only, unmountable
   Enter partition permission flags[wm]:

9. Press the Return key to accept the default flags.

10. Press the Return key to accept the starting cylinder of 0 (zero).

11. Enter the new partition size for slice 0.

12. Type print.

partition> print
Current partition table (unnamed):
Total disk cylinders available: 2036 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders        Size            Blocks
  0       root    wm       0 - 2520        1.14GB    (2521/0/0) 2382345
  1       swap    wu    2521 - 2840      147.66MB    (320/0/0)   302400
  2     backup    wm       0 - 8892        4.01GB    (8892/0/0) 8402940
  3 unassigned    wm       0               0         (0/0/0)          0
  4 unassigned    wm       0               0         (0/0/0)          0
  5 unassigned    wm       0               0         (0/0/0)          0
  6        usr    wm    2841 - 8892        2.73GB    (6051/0/0) 5718195
  7 unassigned    wm       0               0         (0/0/0)          0

The current partition table shows the change to slice 0.

This change has resulted in wasted disk space between slice 0 and slice 1. To remove this undesirable condition, adjust the starting cylinder for the next slice.

13. Type 1 to select slice number 1.

    partition> 1
    Part      Tag    Flag     Cylinders        Size            Blocks
      0       swap    wu    1831 - 1983       75.30MB    (153/0/0)   154213

    Enter partition id tag[swap]:
    Enter partition permission flags[wu]:
    Enter new starting cyl[1831]: 813
    Enter partition size[154224b, 153c, 75.30mb]: 60mb

14. Press the Return key to select the default tag and the default flags.

15. Enter the new starting cylinder for slice 1.

16. Enter the new partition size for slice 1.

17. Type print.

    partition> print
    Current partition table (unnamed):
    Total disk cylinders available: 2036 + 2 (reserved cylinders)

    Part      Tag    Flag     Cylinders        Size            Blocks
      0       root    wm       0 - 2520        1.14GB    (2521/0/0) 2382345
      1       swap    wu    2521 - 2840      147.66MB    (320/0/0)   302400
      2     backup    wm       0 - 8892        4.01GB    (8892/0/0) 8402940
      3 unassigned    wm       0               0         (0/0/0)          0
      4 unassigned    wm       0               0         (0/0/0)          0
      5 unassigned    wm       0               0         (0/0/0)          0
      6        usr    wm    2841 - 8892        2.73GB    (6051/0/0) 5718195
      7 unassigned    wm       0               0         (0/0/0)          0

The current partition table shows the change to slice 1. The new starting cylinder for slice 1 is one greater than the ending cylinder for partition 0. This change has resulted in wasted disk space between slice 1 and slice 7. To remove this undesirable condition, adjust the starting cylinder for the next slice.


18. Type 7 to select slice number 7.

    partition> 7
    Part      Tag    Flag     Cylinders        Size            Blocks
      7       home    wm    1984 - 2034       25.10MB    (51/0/0)     51404

    Enter partition id tag[home]:
    Enter partition permission flags[wm]:
    Enter new starting cyl[1831]: 935
    Enter partition size[154224b, 153c, 75.30mb]: $

19. Press the Return key to select the default tag and the default flags.

20. Enter the new starting cylinder for slice 7.

21. Enter the new partition size for slice 7, by typing a $ sign.

Note - Entering a $ sign as a value for the last partition size automatically assigns the ending cylinder boundary for the last slice.

22. Type print to display the partition table.

    partition> print
    Current partition table (unnamed):
    Total disk cylinders available: 2036 + 2 (reserved cylinders)

    Part      Tag    Flag     Cylinders        Size            Blocks
      0       root    wm       0 - 2520        1.14GB    (2521/0/0) 2382345
      1       swap    wu    2521 - 2840      147.66MB    (320/0/0)   302400
      2     backup    wm       0 - 8892        4.01GB    (8892/0/0) 8402940
      3 unassigned    wm       0               0         (0/0/0)          0
      4 unassigned    wm       0               0         (0/0/0)          0
      5 unassigned    wm       0               0         (0/0/0)          0
      6        usr    wm    2841 - 8892        2.73GB    (6051/0/0) 5718195
      7 unassigned    wm       0               0         (0/0/0)          0

    Add up the cylinders in the Blocks column for slice 0, slice 1, and slice 7. The number should equal the total number of cylinders contained in slice 2.

23. After checking the partition table to ensure there are no errors, label the disk.

    partition> label
    Ready to label disk, continue? y
    partition>


Saving a Partition Table to the /etc/format.dat File

You can use this optional procedure to add the newly created partition table to the /etc/format.dat file. You save a customized partition table so you can use it to quickly partition other disks of the same type on the system.

To save a customized partition table, at the partition menu:

1. Type name to enter a unique name for the current partition table. (Frequently the disk manufacturer's name is used.)

   partition> name
   Enter table name (remember quotes): SUN4.2

2. Exit the partition menu.

   partition> quit

3. Type save to save the new partition table information. Enter the full pathname for the /etc/format.dat file.

   format> save
   Saving new partition definition.
   Enter file name["./format.dat"]: /etc/format.dat

Locating and Using the Customized Partition Table

To retrieve a customized partition table, at the format menu:

1. Type partition.

   format> partition

2. Locate and select the customized partition table from the list, using its assigned number.

   partition> select
           0. original
           1. unnamed
           2. SUN4.2
   Specify table (enter its number)[0]: 2

3. Label the disk with the selected partition table.

   partition> label
   Ready to label disk, continue? yes

4. Exit the partition menu.

   partition> quit

5. Read the new disk label.

   format> verify

6. Exit the format utility.

   format> quit


Repartitioning a Disk with the modify Command

You will need to change the size of slices on a disk as storage requirements grow or diminish. The easiest way to accomplish this is using the modify command from the partition menu.

Warning - When a disk with existing slices is repartitioned and relabeled, any existing data is inaccessible. Existing data must be copied to backup media before the disk is repartitioned and restored after the disk is relabeled.

The modify command allows root to create slices by specifying the size of each slice without having to keep track of starting cylinder boundaries. It also keeps track of any disk-space remainder in the free hog slice. The free hog slice is used as a disk space accumulator that expands and contracts as other slice sizes are changed.

Using the modify Command

The following steps describe how to change the size of a disk slice. In this procedure slice 0 is increased from 128Mbytes to 200Mbytes.

1. Type format at the prompt and press Return.

2. Select a disk by typing the appropriate number.

   # format
   Searching for disks...done

   AVAILABLE DISK SELECTIONS:
          0. c0t0d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
             /pci@1f,4000/pci@1,1/ide@3/dad@0,0
          1. c1t3d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
             /pci@1f,4000/pci@1/isptwo@4/sd@3,0
   Specify disk (enter its number): 1

   The format utility's main menu is displayed.


   selecting c1t3d0
   [disk formatted]

   FORMAT MENU:
           disk       - select a disk
           type       - select (define) a disk type
           partition  - select (define) a partition
           current    - describe the current disk
           format     - format and analyze the disk
           repair     - repair a defective sector
           show       - translate a disk address
           label      - write label to the disk
           analyze    - surface analysis
           defect     - defect list management
           backup     - search for backup labels
           verify     - read and display labels
           save       - save new disk/partition definitions
           inquiry    - show vendor, product and revision
           volname    - set 8-character volume name
           !<cmd>     - execute <cmd>, then return
           quit

3. Type partition. The partition menu is displayed.

   format> partition

   PARTITION MENU:
           0      - change '0' partition
           1      - change '1' partition
           2      - change '2' partition
           3      - change '3' partition
           4      - change '4' partition
           5      - change '5' partition
           6      - change '6' partition
           7      - change '7' partition
           select - select a predefined table
           modify - modify a predefined partition table
           name   - name of the current table
           print  - display the current table
           label  - write partition map
           !<cmd> - execute <cmd>, then return
           quit
   partition>


4. Type modify and press Return.

   partition> modify
   Select partitioning base:
           0. Current partition table (original)
           1. All Free Hog
   Choose base (enter number) [0]?

5. Press the Return key to accept the default selection. The current partition table is displayed.

   Part      Tag    Flag     Cylinders        Size            Blocks
     0       root    wm       0 -  189      200.39MB    (190/0/0)   410400
     1       swap    wu     190 -  311      128.67MB    (122/0/0)   263520
     2     backup    wm       0 - 8892        4.00GB    (8892/0/0) 8402940
     3 unassigned    wm       0               0         (0/0/0)          0
     4 unassigned    wm       0               0         (0/0/0)          0
     5 unassigned    wm       0               0         (0/0/0)          0
     6        usr    wm     312 - 8892        3.67GB    (3568/0/0) 7853760
     7 unassigned    wm       0               0         (0/0/0)          0

   Do you wish to continue creating a new partition table based on above table [yes]?

6. Select the default option by pressing the Return key, or typing yes.

7. Press the Return key to accept slice 6 (the default) as the Free Hog partition. If slice 6 does not have space allocated to it, then you must specify another slice.

   Free Hog partition [6]?

Using the Free Hog Slice

When root invokes the format utility to change the size of one or more disk slices, a "temporary" slice must be designated that expands and shrinks to accommodate the resizing operations. This temporary slice is used to donate space when another slice is expanded, and it receives, or hogs, the discarded space when a slice is shrunk. For this reason, the designated temporary slice is sometimes called the free hog.

The free hog slice exists only during installation or format. There is no permanent free hog slice during normal operations.

8. Enter the size of slice 0 as 200mb and press Return.

9. Press the Return key through the remaining slices (1, 3, 4, 5, 7) to default to their current sizes. Slice 6 is skipped because it has been designated as the Free Hog partition.

   Enter size of partition '0' [263520b, 122c, 128.67mb, 0.13gb]: 200mb
   Enter size of partition '1' [263520b, 122c, 128.67mb, 0.13gb]:
   Enter size of partition '3' [0b, 0c, 0.00mb, 0.00gb]:
   Enter size of partition '4' [0b, 0c, 0.00mb, 0.00gb]:
   Enter size of partition '5' [0b, 0c, 0.00mb, 0.00gb]:
   Enter size of partition '7' [0b, 0c, 0.00mb, 0.00gb]:

   In the partition table, slice 6 has decreased in size as the size of slice 0 increased.

10. Press Return to confirm using this modified partition table.

    Okay to make this the current partition table [yes]?

11. Name the modified partition table and press Return.

    Enter table name (remember quotes): c1t3d0.4gb

12. Write the modified partition table to the disk by typing yes and pressing Return.

    Ready to label disk, continue? yes

13. Type quit (or q) and press Return to exit the partition menu.

    partition> quit

    The main format menu is displayed.


Viewing the Disk's VTOC

You can use two methods for locating and viewing a disk's label, or VTOC. The first method is to use the verify command from the format utility. The second method is to invoke the prtvtoc command from the command line.

Reading a Disk's VTOC Using the verify Command

1. At the format prompt, enter the command verify and press Return.

   format> verify

   Primary label contents:
   ascii name = <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
   pcyl  = 3382
   ncyl  = 3880
   acyl  = 2
   nhead = 16
   nsect = 135

   Part      Tag    Flag     Cylinders        Size            Blocks
     0       root    wm       0 -  189      200.39MB    (190/0/0)   410400
     1       swap    wu     190 -  311      128.67MB    (122/0/0)   263520
     2     backup    wm       0 - 8892        4.00GB    (8892/0/0) 8402940
     3 unassigned    wm       0               0         (0/0/0)          0
     4 unassigned    wm       0               0         (0/0/0)          0
     5 unassigned    wm       0               0         (0/0/0)          0
     6        usr    wm     312 - 8892        3.67GB    (3568/0/0) 7853760
     7 unassigned    wm       0               0         (0/0/0)          0

2. Type quit (or q) and press Return to exit the format menu.

   format> quit


Reading a Disk's VTOC Using the prtvtoc Command

The prtvtoc command gives you the ability to view a disk's VTOC from the command line. For example:

# prtvtoc /dev/rdsk/c1t3d0s2
* /dev/rdsk/c0t0d0s2 partition map
*
* Dimensions:
*     512 bytes/sector
*     135 sectors/track
*      16 tracks/cylinder
*    2160 sectors/cylinder
*    3882 cylinders
*    3880 accessible cylinders
*
* Flags:
*   1: unmountable
*  10: read-only
*
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0    408240    408240   /
       1      3    01     410400    671760   1082159
       2      5    00          0   8380800   8380799
       6      4    00     673920   7706880   8380799   /usr

The disk label information includes the following fields:

• Dimensions - Describes the physical dimensions of the disk.
• Flags - Describes the flags listed in the partition table.
• Partition (or slice) - Described in Table 6-1 on page 6-5.
• Tag - Described in Table 6-1 on page 6-5.
• Flags - Described in Table 6-1 on page 6-5. 00=wm / 01=wu / 10=rm / 11=ru
• First Sector - Defines the first sector (disk block) of the slice.
• Sector Count - Defines the total number of sectors in the slice.
• Last Sector - Defines the last sector number in the slice.
• Mount Directory - Indicates if it is a file system currently in use. If the field is empty, the slice is currently not being used. If a directory name appears in this field, the slice is currently being used to store data.


The fmthard Command

You should save a disk's VTOC to a file, using the prtvtoc command. This allows you to relabel the disk using the fmthard command, should one of the following situations occur:

• The VTOC on the disk has been destroyed.
• You accidentally changed the partition information on the disk, and did not save a backup label in the /etc/format.dat file.

By saving the output of the prtvtoc command into a file on another disk, you can use it as the data file argument to fmthard to relabel the disk.

fmthard -s datafile /dev/rdsk/c#t#d#s2

Warning - The fmthard command cannot write a disk label on an unlabeled disk. Use the format utility for this purpose.

If one of the situations described above has occurred, and the VTOC was previously saved to a file, you can:

1. Run format, select the disk, and label it with the default partition table.
2. Use the fmthard command to write the desired label information, saved to a data file, back to the disk. For example:

# fmthard -s /vtoc/c1t3d0 /dev/rdsk/c1t3d0s2
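A saved label is only useful if it is still intact when it is needed, so it is worth checking the data file before handing it to fmthard -s. The following is an added example, not part of the original training material: the function names and both sample listings are constructed for illustration, and the check assumes the prtvtoc column layout shown earlier (partition, tag, flags, first sector, sector count, last sector).

```shell
#!/bin/sh
# Added example: sanity-check a saved prtvtoc listing before using it
# as the data file for fmthard -s.
# Both listings below are constructed sample data, not output from a real disk.

# write_sample_vtocs DIR: create DIR/good.vtoc and DIR/bad.vtoc
write_sample_vtocs() {
    cat > "$1/good.vtoc" <<'EOF'
* /dev/rdsk/c1t3d0s2 partition map
*
* Dimensions:
*     512 bytes/sector
*    2160 sectors/cylinder
*
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0    410400    410399   /
       1      3    01     410400    263520    673919
       2      5    00          0   8380800   8380799
       6      4    00     673920   7706880   8380799   /usr
EOF
    # The same table after a bad hand edit: slice 1 was enlarged into
    # slice 6 and the last sector of slice 0 was mistyped.
    cat > "$1/bad.vtoc" <<'EOF'
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0    410400    410400   /
       1      3    01     410400    671760   1082159
       2      5    00          0   8380800   8380799
       6      4    00     673920   7706880   8380799   /usr
EOF
}

# check_vtoc FILE: print one line per problem found.
# Returns 0 if the table is consistent, 1 otherwise.
check_vtoc() {
    awk '
    /^\*/ || NF < 6 { next }            # comment, header, or blank line
    {
        part = $1; tag = $2 + 0
        first = $4 + 0; count = $5 + 0; last = $6 + 0
        if (count == 0) next            # empty slice, nothing to check
        seen++
        fin = first + count - 1         # last sector implied by first and count
        if (last != fin) {
            printf "slice %s: last sector %d, expected %d\n", part, last, fin
            bad++
        }
        if (tag == 5) next              # tag 5 is the backup slice spanning the disk
        for (i = 1; i <= k; i++)
            if (first <= e[i] && s[i] <= fin) {
                printf "slice %s overlaps slice %s\n", part, p[i]
                bad++
            }
        k++; p[k] = part; s[k] = first; e[k] = fin
    }
    END {
        if (seen == 0) { print "no partition entries found"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Demonstration on the constructed samples.
demo=$(mktemp -d)
write_sample_vtocs "$demo"
for f in good bad; do
    if check_vtoc "$demo/$f.vtoc"; then
        echo "$f.vtoc: consistent"
    else
        echo "$f.vtoc: rejected, do not pass to fmthard -s"
    fi
done
rm -rf "$demo"
```

Run the same check right after saving the prtvtoc output, so that a truncated or edited copy is caught while the disk label is still readable.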


CHAPTER - 8

INTRODUCING THE SOLARIS OPERATING ENVIRONMENT UFS FILE SYSTEM

The Solaris Operating Environment ufs File System

Objectives

Upon completion of this module, you should be able to:

• Describe the three different types of file systems in the Solaris Operating Environment
• Define the term file system
• List the components that are contained in the structure of a file system
• Create a new ufs file system using the newfs command


File System Types Supported by the Solaris Operating Environment

The Solaris Operating Environment supports three different types of file systems:

• Disk-based file systems
• Distributed file systems
• Pseudo file systems

Disk-Based File System

Disk-based file systems are found on hard disks, CD-ROMs, diskettes, and DVDs.

• ufs - The standard UNIX file system. Under the Solaris Operating Environment, the ufs file system is based on the Berkeley fast file system.
• hsfs - The High Sierra file system is a special purpose file system developed for use on CD-ROM media.
• pcfs - The PC file system is a UNIX implementation of the DOS file allocation table (FAT32) file system. It allows the Solaris Operating Environment to access PC-DOS formatted file systems, giving users direct read/write access to PC-DOS files using UNIX commands.
• udf - The Universal Disk Format file system for optical storage, targeted at DVD and CD-ROM media. It provides for universal data exchange and supports read-write operations.


Distributed File Systems

Distributed file systems provide network access to file system resources.

• nfs - The Network file system allows users to share files between many types of systems on the network. It provides a method of making a disk on one system appear as though it was connected to another system.

Pseudo File System

Pseudo file systems are memory-based. These file system types provide access to kernel information and facilities.

• tmpfs - The Temporary file system for file storage in memory without the overhead of writing to a disk-based file system. It is created and destroyed every time the system is rebooted.
• swapfs - The Swap file system used by the kernel to manage swap space on disk(s).
• fdfs - The File Descriptor file system provides explicit names for opening files using file descriptors (for example, /dev/fd/0, /dev/fd/1, /dev/fd/2) in the /dev/fd directory.
• procfs - The Process file system contains a list of active processes, by process number, in the /proc directory. Information in this directory is used by commands such as the ps command.


Introducing The Solaris Operating Environment Ufs File System

To a user in the Solaris Operating Environment, a file system is a collection of files and directories used to store and organize data for access by the system and users. To the operating system, a file system is a collection of control structures and data blocks that occupy the space defined by a partition and allow for the storage and management of data. The Solaris Operating Environment stores data in a logical file hierarchy. This file hierarchy is referred to as the Solaris directory tree, which is formed by a number of file systems.

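Figure 7-1 Solaris Directory Tree (diagram: root (/) with subdirectories including opt, usr, dev, kernel, etc, var, export, and tmp, and lower-level entries such as usr/bin, usr/lib, dev/dsk, dev/rdsk, etc/passwd, etc/shadow, etc/default, etc/init.d, var/adm, and export/home with user directories)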

Note - This is not a complete representation of a Solaris directory tree.


Every ufs file system must be created on a disk slice before it can be used in the Solaris Operating Environment. Creating a file system on a disk slice enables the Solaris Operating Environment to store UNIX directories and files.

Figure 7-2 Solaris ufs File Systems Residing on Disk Slices (diagram: the root (/) file system on /dev/dsk/c0t0d0s0, with further file systems on /dev/dsk/c0t0d0s6 and /dev/dsk/c0t0d0s7 attached beneath it)


Basic Disk Structures

The Disk Label (VTOC)

The disk label (VTOC) contains the partition table for the disk, and is located in the first disk sector (512-byte blocks). A disk partition can contain a file system that the Solaris Operating Environment interprets as an organization of directories and files.

The Boot Block

The bootstrap program (bootblk) is found in the next 15 disk sectors. Only the root file system has an active boot block, although space is allocated for a boot block at the beginning of each file system.

The Superblock

The file system is described by its superblock. The superblock is contained in the 16 disk sectors following the boot block. The superblock is a table of information about the file system, including:

• The number of data blocks
• The number of cylinder groups
• The size of a data block and fragment
• A description of the hardware (derived from the label)
• The name of the mount point
• File system state flag: clean, stable, active, logging, or unknown

Backup Superblocks

Because the superblock contains critical data, it is replicated in each cylinder group to protect against catastrophic loss. This is done when the file system is created.


Figure 7-3 ufs File System Structure (diagram: disk label, bootblk, and primary superblock, followed by cylinder groups that each contain a backup superblock, a cylinder group block, an inode table, and 8-Kbyte data blocks)

Figure 7-3 shows a series of cylinder groups in a ufs file system.


Cylinder Groups

Disk access is improved by dividing the partition into cylinder groups (the minimum default size is 16 cylinders per group). The file system constantly optimizes the disk by placing file data in one cylinder group, thus reducing head travel. The file system stores files across several cylinder groups if needed.

Cylinder Group Blocks

The cylinder group block is a table that describes the cylinder group, including:

• The number of inodes
• The number of data blocks in the cylinder group
• The number of directories
• Free blocks, free inodes, and free fragments in the cylinder group
• The free block map
• The used inode map

Inode Table

The inode table contains the inodes for the cylinder group. An inode (from the term index node) is the internal description of a file and the location of its data blocks. Each cylinder group contains a portion of the total number of inodes.

Data Blocks

A data block is the unit of storage for data in the Solaris Operating Environment file system. The data block is 8192 bytes in size by default.


Inodes

An inode contains the following information about a file:

• The type of file and the access modes
• The UID and GID numbers of the file's owner and group
• The size of the file
• The time the file was last accessed or modified, and the inode changed
• The total number of data blocks used by, or allocated to, the file

The inode contains two types of pointers: direct pointers and indirect pointers.


Direct Pointers

There are 12 direct pointers, which refer directly to data blocks. The 12 direct pointers can directly reference the data blocks for a file up to 96 Kbytes.

Indirect Pointers

The three types of indirect pointers are:

• Single indirect pointer - A single indirect pointer refers to a file system block containing pointers to data blocks. This file system block contains 2048 additional addresses of 8-Kbyte data blocks, which can point to an additional 16 Mbytes of data.
• Double indirect pointer - A double indirect pointer refers to a file system block containing single indirect pointers. Each indirect pointer refers to a file system block containing the data block pointers. A double indirect pointer points to an additional 32 Gbytes of data.
• Triple indirect pointer - A triple indirect pointer can reference up to an additional 70 Tbytes of data. However, the maximum file size is limited to 1 Tbyte in a ufs file system.


Data Blocks

The rest of the space allocated to the file system is occupied by data blocks, also called storage blocks. Data blocks are allocated by default in 8-Kbyte logical block sizes, and further divided into 1-Kbyte fragments. For a regular file, the data blocks contain the contents of the file. For a directory, the data blocks contain entries that give the inode number and the file name of those files contained in that directory.

Free Blocks

Those blocks that are currently not being used as ACL lists, indirect address blocks, or storage blocks are marked as free in the cylinder group map. This map also keeps track of fragments to prevent fragmentation from degrading disk performance.

Data Blocks and Fragmentation

Fragmentation is the method used by the ufs file system to store the contents of a file that is not large enough to fill one data block. Data blocks can be divided into eight fragments of 1024 bytes each, for the storage of small files.

Figure 7-5 Example of a Divided Data Block (diagram: an 8192-byte data block divided into 1024-byte fragments)

If a file contained in a fragment grows and requires more space, it is allocated one or more fragments in the same data block.


The contents of two different files can be stored in fragments in the same data block. For example:

Figure 7-6 Example of Two Files Stored in One Data Block (diagram: file 1 and file 2 stored in fragments of the 8192-byte data block, Block A)

If file 1 requires more space than is currently available in the shared data block, then the entire contents of that expanding file are moved by ufs into a free data block. This is a requirement of ufs to assure that all the same file fragments are contained in a whole data block. The ufs file system will not allow fragments of the same file to be stored in two different data blocks.

Figure 7-7 Example of an Expanded File (diagram: file 1 expanding into another 8192-byte data block, Block B)


Shadow Inode

Files with an ACL list have two inodes, a ufs inode and a shadow inode. On disk, the ACL lists are stored the same way as the file data, and are referred to through the direct block pointers in the inode. The shadow inode points to the data block that contains the actual ACL list.

Figure 7-8 Shadow Inode (diagram: the file (ufs) inode holds the owner, group, and other permissions, the shadow address, and the file data address; the file data address points to the data block holding the file data, and the shadow address points to the shadow inode, which points to the data block holding the ACL list, for example User1: rwx and Group 5: r-x)


Creating ufs File Systems

Every disk slice on a newly partitioned disk that is used to store directories or files must have a file system created on it first. As root, you can construct a ufs file system on a disk slice using the newfs command. The newfs command is a front end to the mkfs command, which is used to create file systems. The newfs command is located in the /usr/sbin directory.

Caution - The newfs command is destructive; it overwrites any data that resides on the selected disk slice.

Creating a ufs File System

1. As root, create a file system on the first slice of a newly partitioned disk. For example:

# newfs /dev/rdsk/c1t3d0s0
newfs: construct a new file system /dev/rdsk/c1t3d0s0: (y/n)? y
/dev/rdsk/c1t3d0s0: 410720 sectors in 302 cylinders 17 tracks 80 sectors
200.5MB in 19 cyl groups (16 c/g, 10.62MB/g, 5120 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 21872, 43712, 65552, 87392, 109232, 131072, 152912, 174752, 196592,
218432, 240272, 262112, 283952, 305792, 327632, 349472, 371312, 393152

2. The newfs command asks for confirmation before continuing. Verify that the correct disk slice on the correct disk is selected. To proceed, type: y. To terminate the process, type: n.

The newfs command displays information about the new file system being created. The first line printed by newfs describes the basic disk geometry. The second line describes the ufs file system created in this slice. The third and remaining lines list the locations of the backup superblocks.


Note - This process also creates a lost+found directory for the ufs file system. This directory is used by the file system check and repair (fsck) utility.

3. Steps 1 and 2 above are repeated for every disk slice (on any newly partitioned disk) that needs to contain a file system.

The newfs command sets a minimum percentage of free space to be maintained in the new file system. This free space in the file system is referred to as minfree. It specifies the amount of space on the slice that is reserved or held back from regular users. You can use the newfs -m %free command to preset the percentage of free space when you create a new file system.

To change the minimum percentage value of an existing file system, the system administrator can use the command:

tunefs -m %free

For example:

# tunefs -m 1 /dev/rdsk/c1t3d0s0


CHAPTER - 9

MOUNTING FILE SYSTEMS

Objectives

Upon completion of this module, you should be able to:

• Define the term mount point
• Identify mounted and unmounted file systems
• Mount file systems using the commands mount and mountall
• Describe some of the commonly used options of the mount command: noatime, nolargefiles, and logging
• Describe the purpose and format of the /etc/mnttab and /etc/vfstab files
• Define the procedure for mounting different types of file systems
• List the system files used to determine a file system's type
• Unmount local and remote file systems using the commands umount and umountall
• Forcibly unmount a busy file system
• Describe how to mount and access file systems residing on removable media devices, such as diskettes and CD-ROMs


Working With File Systems

Once you have created a file system, you must attach it to the Solaris Operating Environment directory tree at a mount point. A mount point is a directory that is the point of connection for a file system. File systems are commonly referred to by the names of their mount points, for example, the / (root) file system or the usr file system.

In the Solaris Operating Environment, you use the mounting process to attach individual file systems to their mount points on the directory tree. This action makes a file system accessible to the system and to the users. You use the unmounting process to detach a file system from its mount point in the directory tree. This action makes a file system unavailable to the system or users.


Figure 8-1 illustrates how the directory tree spans from one file system to the next. File systems do not contain their own mount point directories.

Figure 8-1 File Systems and Mount Points (diagram: the / (root) file system on /dev/dsk/c0t0d0s0, with the /opt, /usr, and /export/home file systems, each on its own disk slice, attached at their mount points)

Identifying Mounted File Systems

The mount Command

All users can determine which file systems are currently mounted by running the mount command, which is located in the /sbin directory.

The /etc/mnttab File

The mount command maintains the /etc/mnttab file, the mounted file system table. Each time a file system is mounted, an entry is added to this file by mount. Whenever a file system is unmounted, its entry is removed from the mnttab file. A typical /etc/mnttab file is shown below:

# mount
/ on /dev/dsk/c0t0d0s0 read/write/setuid on Thu Apr 13 17:25:29 2000
/usr on /dev/dsk/c0t0d0s6 read/write/setuid on Thu Apr 13 17:26:30 2000
/var on /dev/dsk/c0t0d0s1 /read/write on Mon Mar 6 17:58:20 2000
/proc on /proc read/write/setuid on Thu Apr 13 17:26:28 2000
/dev/fd on fd read/write/setuid on Thu Apr 13 17:26:31 2000
/etc/mnttab on mnttab read/write/setuid on Thu Apr 13 17:26:34 2000
/var/run on swap read/write/setuid on Thu Apr 13 17:26:34 2000
/tmp on swap read/write/setuid on Thu Apr 13 17:26:38 2000
/opt on /dev/dsk/c0t0d0s5 read/write/setuid on Thu Apr 13 17:26:38 2000
/export/home on /dev/dsk/c0t0d0s7 /read/write on Mon Mar 6 17:58:21 2000

The fields in the mount output are described in the example below.

/export/home   on /dev/dsk/c0t0d0s7   /read/write     on Mon Mar 6 17:58:21 2000
mount point    device name            mount options   date and time mounted

• Mount Point - The mount point, or directory name where the file system is to be attached within the root file system (for example: /usr, /opt).
• Device Name - The name of the device that is mounted at the mount point. This block device is where the file system is physically located.
• Mount Options - The list of mount options in effect for the file system.
• Date and Time Mounted - The date and time the file system was mounted to the directory tree.

Mount Table Changes in /etc/mnttab

In previous Solaris Operating Environment releases, /etc/mnttab was a text file that stored information about mounted file systems. In Solaris this file is an mntfs file system that provides read-only information directly from the kernel about mounted file systems for the local host.

Note - No administration is required for the /etc/mnttab mount table.

The /var/run File System

The /var/run file system is a new tmpfs mounted file system in the Solaris Operating Environment. It is the repository for temporary system files that are not needed across system reboots in this Solaris Operating Environment release. It is mounted as a pseudo file system rather than a disk-based file system. The /var/run directory requires no administration. For security reasons, it is owned by root. The /tmp directory continues to be a repository for temporary files.


Mounting File Systems

The /usr/sbin/mount Command

The mount command not only lists which file systems are currently mounted, it also provides the root user with a method for mounting file systems. Root can mount file systems manually by running the mount command, or the system can automatically mount file systems at boot time after consulting the /etc/vfstab file.

Note - The /etc/vfstab file lists file systems to be mounted when the system is booted. This file is covered in detail later in this module.

Command Format

mount [ option(s) ] device_name mount_point

Mounting a Local File System Manually

To mount a local file system manually, you need to know the name of the device where the file system resides, and its mount point directory name. For example:

# mount /dev/dsk/c0t0d0s7 /export/home

In this example, the default action is to mount the file system with the following preferences: read/write, setuid, nologging, and largefiles.

• read/write - Indicates the file permissions. Access is based on the permissions of the files and directories in the file system. (The default for hsfs file systems is ro.)
• setuid - Permits the execution of setuid programs in the file system.
• nologging - Disables logging for the ufs file system.
• largefiles - Allows for the creation of files larger than 2 gigabytes. A file system mounted with this option may contain large files.

Note - Due to file system overhead, the largest file size that can be created is 866 Gbytes.

Using Options With the mount Command

When using mount options on the command line, the options are preceded by the -o flag. When multiple options are used, they are entered as a comma-separated list following the -o flag.

mount -o option,option,... device_name mount_point

Some options used to mount local file systems include: ro, nosuid, noatime, nolargefiles, and logging.

• ro - Mounts the file system as read-only.

The following is an example using this option on the command line:

# mount -o ro /dev/dsk/c0t0d0s7 /export/home

• nosuid - Prohibits the execution of setuid programs in the file system. This does not restrict the creation of setuid programs.

The following example shows the use of multiple options on the command line:

# mount -o ro,nosuid /dev/dsk/c0t0d0s7 /export/home

• noatime - Suppresses updates to the last-accessed time on files, reducing disk activity on a file system where access times are not important. Specifying this option generally improves file access times and boosts overall performance. For example:

# mount -o noatime /dev/dsk/c1t0d0s7 /export/home

• nolargefiles - Prevents a file system containing one or more "large files" from being mounted. For example:

# mount -o nolargefiles /dev/dsk/c0t0d0s7 /export/home

A mount using the nolargefiles option fails if the file system to be mounted contains a large file, or did contain a large file at one time.

If the file system currently contains a large file, and root needs to mount it with this option, then the large file(s) must be located, and moved or removed from the file system. Then you must run the file system check program manually to update the superblock information.

The mount will also fail if the file system at one time contained a large file, even though it was moved or removed. You must run the file system check program to clear the old information and allow the file system to be mounted.

Note - Module 9, "Maintaining File Systems" describes the file system check program (fsck).

• logging - Enables logging for a ufs file system. For example:

# mount -o logging /dev/dsk/c0t0d0s7 /export/home

UFS file system logging is a process of storing file system transactions, or changes that make up a complete file or directory operation, into a log before they are applied to the file system. Once a transaction is stored, the complete transaction can be applied or reapplied to the file system later.

The ufs log is allocated from free blocks in the file system. It is sized approximately 1 Mbyte per 1 Gbyte, up to a maximum of 64 Mbytes. As a ufs log reaches its maximum size, it begins to write transactions to the file system (for example, disk). When the file system is unmounted, the entire ufs log is emptied and all transactions are written to disk.


UFS logging offers two advantages. First, it prevents file systems from becoming inconsistent, therefore eliminating the need to run lengthy fsck scans. Second, you can bypass fsck scanning, which reduces the time required to reboot a system if it was stopped by a method other than an orderly shutdown.


Automatic Mounting of File Systems

The Virtual File System Table: /etc/vfstab

The Solaris Operating Environment provides several methods for automating file system mounts. One method is to add the file system(s) to the /etc/vfstab file. This file lists all the file systems that are to be automatically mounted at system boot time.

The /etc/vfstab file provides you with another important feature. If the /etc/vfstab file contains the mapping between the mount point and the actual device name, root can manually mount a file system specifying only the mount point on the mount command line. For example:

# mount /export/home

The /etc/vfstab File

A default /etc/vfstab file is created during the Solaris Operating Environment software installation, based on your selections. However, the system administrator can edit the /etc/vfstab file whenever file entries need to be added or modified.

The following is an example of an /etc/vfstab file on a system with one disk (c0t0d0). The file format includes seven fields per line entry; each field is separated by a Tab. A - (dash) character indicates an empty field. Commented lines begin with the # symbol.

# cat /etc/vfstab
#device             device              mount         FS      fsck  mount    mount
#to mount           to fsck             point         type    pass  at boot  options
#
#/dev/dsk/c1d0s2    /dev/rdsk/c1d0s2    /usr          ufs     1     yes      -
fd                  -                   /dev/fd       fdfs    -     no       -
/proc               -                   /proc         procfs  -     no       -
/dev/dsk/c0t0d0s1   -                   -             swapfs  -     no       -
/dev/dsk/c0t0d0s0   /dev/rdsk/c0t0d0s0  /             ufs     1     no       -
/dev/dsk/c0t0d0s6   /dev/rdsk/c0t0d0s6  /usr          ufs     1     no       -
/dev/dsk/c0t0d0s3   /dev/rdsk/c0t0d0s3  /opt          ufs     1     yes      noatime
/dev/dsk/c0t0d0s7   /dev/rdsk/c0t0d0s7  /export/home  ufs     1     yes      logging
swap                -                   /tmp          tmpfs   -     yes      -

To add a line entry, you need the following information: the device where the file system resides; the name of the mount point; the type of file system; whether it is to be mounted automatically during a system boot; and any mount options. The fields are:

• device to mount - The block device to be mounted. For example, a local ufs file system: /dev/dsk/c#t#d#s# or a pseudo file system: /proc.
• device to fsck - The raw or character device to be checked by the file system check program (fsck).
• mount point - The name of the directory where the device should be added to the Solaris Operating Environment directory tree.
• FS type - The type of file system to be mounted.
• fsck pass - Indicates whether the file system is to be checked by fsck at boot time. A whole number placed in this field indicates a yes. A - (dash) or a 0 (zero) indicates a no.
• mount at boot - Enter a yes to enable the mountall command to mount the file systems at boot time. Enter a no to prevent a file system mount at boot time.

Note - For / (root) and /usr, the mount at boot field value is specified as no. These file systems are mounted by the kernel as part of the boot sequence before the mountall command is run.

• mount options - A comma-separated list of options to be passed to the mount command.
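Because the mount options field decides whether setuid programs can run from a file system, and the fsck pass field decides whether it is checked before mounting, a vfstab file is worth auditing after every edit. The following is an added example, not part of the original training material: the function names and the sample file are constructed, and exempting / and /usr from the nosuid requirement is an assumed site policy that can be changed with the second argument.

```shell
#!/bin/sh
# Added example: audit a vfstab-format file for malformed entries, ufs file
# systems that skip the fsck check, and ufs file systems mounted without nosuid.
# The sample file is constructed for illustration.

# write_sample_vfstab FILE: create a constructed vfstab with three problems
write_sample_vfstab() {
    cat > "$1" <<'EOF'
#device            device              mount         FS     fsck  mount    mount
#to mount          to fsck             point         type   pass  at boot  options
fd                 -                   /dev/fd       fd     -     no       -
/proc              -                   /proc         proc   -     no       -
/dev/dsk/c0t0d0s1  -                   -             swap   -     no       -
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /             ufs    1     no       -
/dev/dsk/c0t0d0s6  /dev/rdsk/c0t0d0s6  /usr          ufs    1     no       -
/dev/dsk/c0t0d0s3  /dev/rdsk/c0t0d0s3  /opt          ufs    2     yes      logging
/dev/dsk/c0t0d0s7  /dev/rdsk/c0t0d0s7  /export/home  ufs    -     yes      noatime,nosuid
swap               -                   /tmp          tmpfs  -     yes      -
/dev/dsk/c0t0d0s4  /dev/rdsk/c0t0d0s4  /data         ufs    2     yes
EOF
}

# audit_vfstab FILE [EXEMPT]
# EXEMPT is a space-separated list of mount points allowed to run setuid
# programs (assumed policy default: "/ /usr").
# Prints one line per finding; returns 0 if there are none, 1 otherwise.
audit_vfstab() {
    awk -v exempt="${2:-/ /usr}" '
    BEGIN {
        n = split(exempt, x, " ")
        for (i = 1; i <= n; i++) skip[x[i]] = 1
    }
    /^[ \t]*#/ || NF == 0 { next }      # comment or blank line
    NF != 7 {                           # every entry needs all seven fields
        printf "line %d: expected 7 fields, found %d\n", NR, NF
        bad++
        next
    }
    $4 != "ufs" { next }                # only local ufs entries are audited
    {
        mnt = $3; pass = $5; opts = $7
        if (pass == "-" || pass == "0") {
            printf "%s: fsck pass is %s, mounted without a file system check\n", mnt, pass
            bad++
        }
        if (mnt in skip) next
        found = 0
        m = split(opts, o, ",")
        for (i = 1; i <= m; i++) if (o[i] == "nosuid") found = 1
        if (!found) {
            printf "%s: setuid programs allowed (options: %s)\n", mnt, opts
            bad++
        }
    }
    END { exit (bad > 0) }' "$1"
}

# Demonstration on the constructed sample.
demo=$(mktemp)
write_sample_vfstab "$demo"
audit_vfstab "$demo" || echo "vfstab needs review"
rm -f "$demo"
```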


The /usr/sbin/mountall Command

The /etc/vfstab file is read by the /usr/sbin/mountall command during the system boot sequence. The command mounts all file systems specified in vfstab that have a yes in the mount at boot field. The root user can use this command to manually mount every file system in /etc/vfstab that has a yes in the mount at boot field. For example:

# mountall

To mount only the local file systems specified in the /etc/vfstab file:

# mountall -l

Checking File Systems Before Mounting

Each local file system in the vfstab file that has a device to fsck entry and a fsck pass number is checked by fsck to determine if the file system is in a usable state to be safely mounted. If the file system is found to be in an unusable state (for example, corrupted), it is repaired by fsck before the mount is attempted. The system attempts to mount any local file system with a '-' or '0' (zero) entry in the fsck pass field without checking it.


Unmounting File Systems

The /usr/sbin/umount Command

Unmounting a file system using the umount command removes it from the file system mount point and deletes the entry from the /etc/mnttab file. Some file system administration tasks cannot be performed on mounted file systems. A file system is commonly unmounted if it is no longer needed, if it needs to be checked and repaired by fsck, or if it needs to be backed up completely.

Note - Notify users before unmounting a file system they are currently accessing.

To manually unmount a file system using the mount point or directory name:

# umount /export/home

or

# umount /dev/dsk/c0t0d0s7


Automatic Unmounting of File Systems

The /usr/sbin/umountall Command

The /etc/mnttab file is also read by the /usr/sbin/umountall command during the system shutdown sequence, and umountall unmounts all file systems specified in vfstab except / (root), /usr, /proc, /dev/fd, /var, /var/run, and /tmp.

Manually Unmounting All File Systems

This command can be run by root to manually unmount all the file systems listed in /etc/mnttab. For example:

# umountall

To unmount all local file systems specified in the /etc/mnttab file:

# umountall -l

To verify that a file system or a number of file systems have been unmounted, invoke the mount command and check the output.


Commands to Unmount a Busy File System

Any file system that is busy is not available for unmounting. Both the umount and umountall commands display the error message:

umount: file_system_name busy

A file system is considered to be busy if one of the following conditions exists:

• A program is accessing a directory in the file system.
• A user is in the file system mount point directory.
• A program has a file open in that file system, or it is being shared.

There are two methods to make a file system available for unmounting if it is busy.

• fuser command - To list all the processes accessing the file system, and kill them if necessary.
• umount -f command - To force the unmount of a file system.

Note - The umount -f command is new in the Solaris Operating Environment.

Using the fuser Command

To stop all processes from accessing a file system:

1. As root, list all the processes accessing the file system. Use the following command to identify which processes need to be terminated.

   # fuser -cu mount_point

   This displays the name of the file system and the user login name for each process currently active in the file system.

2. Kill all processes accessing the file system.

   # fuser -ck mount_point

   A SIGKILL is sent to each process using the file system.

3. Verify there are no processes accessing the file system.

   # fuser -c mount_point

4. Unmount the file system.

   # umount mount_point

Using the umount -f Command

As root, you can unmount a file system even if it is busy using the -f (force) option with umount. This is a new option in the Solaris Operating Environment.

# umount -f mount_point

The file system is unmounted even if there are open files. A forced unmount can result in loss of data. However, it is particularly useful for unmounting a shared file system if the remote file server is nonfunctional.


Procedure for Mounting a New File System

The general procedure outlined below briefly describes the steps for adding a new disk to the system, preparing the disk to hold a file system, and mounting the file system.

1. Set up the disk hardware. This includes setting address switches and connecting cables.

2. Perform a reconfiguration boot to add support for the new device.

3. Use the format utility to partition the disk into one or more slices.

4. Create a new file system structure on one slice using the newfs command.

5. Create a mount point for the file system by creating a new directory in the root file system using the mkdir command. For example:

   # mkdir /database

6. Mount the new file system manually using the mount command. For example:

   # mount /dev/dsk/c1t3d0s3 /database

7. Check to see if the file system is mounted with the mount command.

   # mount

8. Edit the /etc/vfstab file to add a line entry for the new file system. The file system will automatically be mounted whenever the system boots.

   #device     device     mount    FS     fsck    mount      mount
   #to mount   to fsck    point    type   pass    at boot    options


Removable Media Device Management

To access file systems on diskettes and CD-ROMs, the Solaris Operating Environment gives users a standard interface referred to as Volume Management. Volume Management provides three major benefits:

• It automatically mounts diskettes and CD-ROMs for users.
• It allows access to diskettes and CD-ROMs without having to become root.
• It can give other systems on the network automatic access to any diskettes and CD-ROMs currently inserted in the local system.

The volume management service is controlled by the /usr/sbin/vold daemon. By default, this service is always running on the system to automatically manage diskettes and CD-ROMs for regular users. Volume management provides automatic detection of CD-ROMs. However, it does not detect the presence of a diskette that has been inserted in the drive until it is informed by the volcheck command. You run this command to instruct vold to check the diskette drive for installed media.

Note - Automatic detection of diskettes would cause excessive reads, which would quickly wear out the drive.

Accessing Mounted Diskettes and CD-ROMs

To make working with diskettes and CD-ROMs simple for your users, each device is mounted in an easy-to-remember location by vold.

• For diskettes, vold automatically mounts the device after you insert the diskette and run the volcheck command.
• For CD-ROMs, vold automatically mounts the device when you insert the CD into the drive.


If vold detects that the mounted diskette or CD-ROM contains a file system, then the device is mounted at the directory location described in Table 8-1.

Table 8-1  Directory Locations

Media Device            Access File Systems On
First diskette drive    /floppy/floppy0
First CD-ROM drive      /cdrom/cdrom0

If vold detects that the mounted diskette or CD-ROM does not contain a file system, the raw device is accessible using the paths described in Table 8-2.

Table 8-2  Paths for Accessing Raw Devices

Media Device            Access Raw Device On
First diskette drive    /vol/dev/aliases/floppy0
First CD-ROM drive      /vol/dev/aliases/cdrom0

When volume management is running on the system, a regular user can easily access a diskette or CD-ROM by following these basic steps:

1. Insert the media.
2. For diskettes only, use the volcheck command.
3. Work with files on the media.
4. Eject the media.

Administering Volume Management

To restrict regular users from accessing diskettes or CD-ROMs on the system, root can terminate the volume management service. To stop volume management from running on a system temporarily, root runs the following command.

# /etc/init.d/volmgt stop


To restart the volume management service, the following command is invoked by root.

# /etc/init.d/volmgt start

Administering Volume Management

Two configuration files are used by volume management.

File                 Description
/etc/vold.conf       The volume management configuration file. This defines items such as what action should be taken when media is inserted or ejected, what devices are used, and what file system types are unsafe to eject.
/etc/rmmount.conf    The rmmount command configuration file. The rmmount command is a removable media mounter that is executed by the volume management daemon whenever a CD-ROM or diskette is inserted.

Accessing a Diskette or CD-ROM Without Volume Management

When volume management is not running, only root can mount and access a diskette or CD-ROM, using the following steps:

1. Insert the media device.
2. Become root.
3. Create a mount point, if necessary.
4. Determine the file system type.
5. Mount the device using the proper mount options.
6. Work with files on the media device.
7. Unmount the media device.
8. Eject the media device.
9. Exit the root session.


Mounting Different Types of File Systems

Different file system types have unique properties that affect how the mount command functions. By default, the mount command assumes it is mounting a ufs type file system. When mounting a different type of file system, its type may have to be specified on the command line. Use the -F option of the mount command to specify the type of file system to be mounted.

Specifying an hsfs File System Type

As root, to mount a file system that resides on a CD-ROM when the volume management services are stopped:

# mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom

In this example, the file system type is hsfs, the file system resides on disk slice /dev/dsk/c0t6d0s0, and the mount point used, /cdrom, is a pre-existing directory in the Solaris Operating Environment.

Specifying a pcfs File System Type

As root, to mount a file system that resides on a diskette when the volume management services are stopped:

# mkdir /pcfs
# mount -F pcfs /dev/diskette /pcfs

In this example, the file system type is pcfs, the file system resides on the device /dev/diskette, and the mount point used, /pcfs, had to be created.


Determining a File System's Type

Because the mount command needs the file system type to function properly, the type must be explicitly specified, or it has to be determined by searching the following files.

• The /etc/vfstab file for the FS type field.
• The /etc/default/fs file for the local file system type.
• The /etc/dfs/fstypes file for the remote file system type.

If the file system's type has not been explicitly specified on the command line using the mount -F FStype option, mount looks in /etc/vfstab to determine the file system's type, using its block device name, raw device name, or mount point directory name.

If mount cannot determine the file system's type by searching /etc/vfstab, it uses the default file system type specified in either /etc/default/fs or /etc/dfs/fstypes, depending on whether the file system is local or remote.

The default local file system type is specified in /etc/default/fs by the line entry LOCAL=fstype. For example:

LOCAL=ufs

The default remote file system type is determined by the line entry in the /etc/dfs/fstypes file. For example:

nfs NFS Utilities

Finding a File System's Type

To determine a file system's type to use with the -F option of the mount command, run the following grep command to display the information:

# grep mount-point fs-table

mount-point - Specifies the mount point directory name of the file system. For example, the /var directory.

fs-table - Specifies the absolute path to the file system table used to search for the file system's type. If the file system is mounted, fs-table should be /etc/mnttab. If the file system is not mounted, fs-table should be /etc/vfstab.

The following example uses the /etc/vfstab file to determine the type of the /export/home file system.

# grep /export/home /etc/vfstab
/dev/dsk/c0t0d0s7   /dev/rdsk/c0t0d0s7   /export/home   ufs   1   yes   -
#

The fstyp Command

The fstyp command can also be used with the raw device name of the disk slice to determine a file system's type. For example:

# fstyp /dev/rdsk/c0t0d0s7
ufs
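The lookup order described in this section (the vfstab entry first, then the local or remote default) can be reproduced in a few lines, using an exact field match where grep would match any substring. This is an added example, not part of the original training material: resolve_fstype and make_sample_tables are hypothetical names, the sample tables are constructed, and treating a host:/path name as remote is an assumption of the example.

```shell
#!/bin/sh
# resolve_fstype NAME [VFSTAB] [DEFAULT_FS] [DFS_FSTYPES]   (hypothetical helper)
# NAME is a block device, raw device, mount point, or host:/path resource.
# Prints the file system type that would apply when -F is not given.
resolve_fstype() {
    name=$1
    vfstab=${2:-/etc/vfstab}
    default_fs=${3:-/etc/default/fs}
    dfs_fstypes=${4:-/etc/dfs/fstypes}

    # Step 1: exact match on device to mount, device to fsck or mount point.
    fstype=$(awk -v n="$name" '
        /^[ \t]*#/ || NF < 4 { next }
        $1 == n || $2 == n || $3 == n { print $4; exit }
    ' "$vfstab" 2>/dev/null)

    # Step 2: no entry found, so fall back to the remote or local default.
    if [ -z "$fstype" ]; then
        case $name in
            *:*) # assumption: host:/path names a remote resource
                 fstype=$(awk '!/^[ \t]*#/ && NF { print $1; exit }' \
                          "$dfs_fstypes" 2>/dev/null) ;;
            *)   fstype=$(sed -n 's/^LOCAL=//p' "$default_fs" 2>/dev/null | head -1) ;;
        esac
    fi
    [ -n "$fstype" ] || return 1
    echo "$fstype"
}

# Constructed sample tables written into directory $1.
make_sample_tables() {
    cat > "$1/vfstab" <<'EOF'
#device             device              mount         FS    fsck  mount    mount
#to mount           to fsck             point         type  pass  at boot  options
/dev/dsk/c0t0d0s7   /dev/rdsk/c0t0d0s7  /export/home  ufs   2     yes      -
/dev/dsk/c0t6d0s0   /dev/rdsk/c0t6d0s0  /cdrom        hsfs  -     no       ro
/dev/diskette       /dev/rdiskette      /pcfs         pcfs  -     no       -
EOF
    echo 'LOCAL=ufs' > "$1/fs"
    echo 'nfs NFS Utilities' > "$1/fstypes"
}

# Demo: /cd is not a table entry, so it gets the local default (ufs),
# whereas "grep /cd" would have matched the /cdrom line and suggested hsfs.
demo_dir=$(mktemp -d)
make_sample_tables "$demo_dir"
for n in /export/home /dev/rdsk/c0t6d0s0 /cd /dev/dsk/c1t3d0s3 server1:/export/share; do
    printf '%-24s %s\n' "$n" \
        "$(resolve_fstype "$n" "$demo_dir/vfstab" "$demo_dir/fs" "$demo_dir/fstypes")"
done
rm -rf "$demo_dir"
```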


CHAPTER – 10

THE DIRECTORY HIERARCHY

Objectives

Upon completing this module you should be able to:

• Identify the four main file types in the Solaris Operating Environment
• Describe the functions provided by regular files, directories, symbolic links, device files, and hard links
• Define the function of each subdirectory found directly within the root directory


The Solaris Operating Environment File Types

The Solaris Operating Environment supports a standard set of files found in nearly all UNIX-based operating systems. In general, files provide a means of storing data, activating devices, or allowing interprocess communication. Of the different types of files that exist, four could be described as the main file types in the Solaris Operating Environment:

• Regular or ordinary files
• Directories
• Symbolic links
• Device files

Regular files, directories, and symbolic links all store one or more kinds of data. Device files differ from the other three because they do not store data; instead, they provide access to devices.

Files that provide interprocess communication include sockets, named pipes, and doors. These last three types of files are not described in this module.


Identifying File Types

Using the ls command, you can easily distinguish different file types from one another. In the following examples, the first column of information that the ls -l command displays indicates the file type.

The following examples show partial listings on an Ultra 5 system from directories that contain a mix of different file types:

# cd /etc
# ls -l
total 428
drwxr-xr-x   2 adm      adm          512 Apr  3 10:42 acct
lrwxrwxrwx   1 root     root          14 Apr  3 11:05 aliases -> ./mail/aliases
drwxr-xr-x   2 root     sys          512 Apr  3 10:44 ami
drwxr-xr-x   2 root     bin          512 Apr  3 10:45 apache
-rwxr--r--   1 root     sys          360 Apr  3 10:45 asppp.cf
-rw-r--r--   1 root     bin           50 Apr  3 10:45 auto_home
-rw-r--r--   1 root     bin          113 Apr  3 10:45 auto_master
(output truncated)

# cd /devices/pci@1f,0/pci@1,1/ide@3
# ls -l
total 0
brw-------   1 root     sys      136,  0 Apr  3 11:11 dad@0,0:a
crw-------   1 root     sys      136,  0 Apr  3 11:11 dad@0,0:a,raw
brw-------   1 root     sys      136,  1 Apr  4 11:06 dad@0,0:b
crw-------   1 root     sys      136,  1 Apr  3 11:11 dad@0,0:b,raw
(output truncated)

The character in the first column identifies each file's type, as follows:

• - Regular files
• d Directories
• l Symbolic links
• b Block special device files
• c Character special device files


File Names, Inodes, and Data Blocks

All files in the Solaris Operating Environment make use of a file name and a record called an inode. Most files also make use of data blocks. File names are the objects most often used to access and manipulate files. Inodes are the objects the system uses to record information about a file. Data blocks are units of disk space used to store data.

To exist, a file must have a name that is associated with an inode. In general, inodes contain two parts. First they contain information about the file, including who owns it, its permissions and size. Second, they contain pointers to data blocks associated with the file. Subsequent modules that describe the ufs file system describe the content of inode records in detail. However, in general, a file name is associated with an inode, and an inode provides access to data blocks.

For understanding file types, use Figure 4-1 to visualize these relationships.

Figure 4-1  File Names, Inodes, and Data Blocks (diagram: file name, inode number, data blocks)

Inodes are numbered, and each file system contains its own separate list of inodes. When you create a new file system, a complete list of inodes is generated for that file system.


Regular Files

A regular file simply holds data. Regular files are perhaps the most common file type found in the Solaris Operating Environment, and they allow you to store many different kinds of data. Regular files can hold ASCII text, binary data, image data, databases, application-related data, and more.

You can create regular files in many ways. For example, you could use vi to create an ASCII text file, or you could use a compiler to create a file that contains binary data. The touch command creates a new, empty regular file.

Figure 4-2  Regular Files (diagram: file1, inode 1282, data blocks. Data: text, binaries, images, application data, databases. Creation methods: text editors, compilers, application programs, database programs, commands such as touch. Purpose: regular files store data.)

Figure 4-2 describes a regular file called file1. As illustrated, the name file1 is associated with inode number 1282. The data blocks associated with file1 can hold one of many kinds of data, and the file could have been created in one of many different ways.


Symbolic Links

A symbolic link is a file that points to another file. Like directories, symbolic links contain only one kind of data.

A symbolic link contains the pathname of the file to which it points. Because symbolic links use pathnames to point to other files, they can point to files found in other file systems. Also, the size of a symbolic link always matches the number of characters found in the pathname it contains.

For example, the symbolic link called /bin points to the directory ./usr/bin. Its size is 9 bytes because the pathname ./usr/bin contains nine characters.

# cd /
# ls -l
total 135
lrwxrwxrwx   1 root     root           9 Apr  3 10:39 bin -> ./usr/bin
(output truncated)

Symbolic links can point to regular files, directories, other symbolic links, and device files, and they can use absolute or relative pathnames.


Figure 4-4  Symbolic Links (diagram. Purpose: symbolic links refer to other file names. A symbolic link contains the pathname of the file to which it points.)

Figure 4-4 describes a symbolic link file called link1. As illustrated, the name link1 is associated with inode number 3561. The data blocks associated with link1 contain the pathname of the file to which link1 points. Depending on the length of the pathname the link contains, it can either reside directly in the link's inode record or in data blocks. The ln command with the -s option creates a symbolic link. Symbolic links direct read and write operations to the file to which they point. The figure shows how using link1 as a command's argument would cause that command to refer to the file called file1.


Device Files

A device file provides access to a device. Unlike regular files, directories, and symbolic links, device files do not use data blocks. Instead, in their inode information, they hold numbers that refer to devices. Where the file size displays for other file types, listings of device files display two numbers, separated by a comma.

These two numbers are called major and minor device numbers. In the example below, the device file dad@0,0:a refers to major device number 136 and minor device number 0.

# cd /devices/pci@1f,0/pci@1,1/ide@3
# ls -l
total 0
brw-------   1 root     sys      136,  0 Apr  3 11:11 dad@0,0:a
crw-------   1 root     sys      136,  0 Apr  3 11:11 dad@0,0:a,raw
(output truncated)

A major device number identifies the specific device driver required to access a device. A minor device number identifies the specific unit of the type that the device driver controls.

Figure 4-5  Device Files (diagram: dad@0,0:a, inode 90681. Data: major and minor device numbers. Creation methods: devfsadm (Solaris), drvconfig (<= Solaris 7), mknod (Solaris 1). Purpose: device files activate devices. Their major and minor device numbers refer to specific device drivers and individual devices.)

The device file dad@0,0:a described in Figure 4-5 occupies inode number 90681. That inode contains the major and minor device numbers that refer to a specific device, in this case, a slice of a disk.


In general, device files are created automatically when you perform a reconfiguration reboot. In the Solaris Operating Environment, you can use the devfsadm command to create new device files manually. Before the Solaris Operating Environment you used drvconfig.

Interpreting device file names and the procedures for creating device files manually and automatically are described in later modules.

Figure 4-6  Device File Example (diagram)

Figure 4-6 illustrates the relationship between the device file dad@0,0:a and the disk device it controls. The inode information for dad@0,0:a contains major number 136 and minor number 0. Major device number 136 identifies the dad device driver. The dad device driver controls IDE disk drives. Minor number 0 identifies slice 0 of the master disk on the first IDE bus.

Device files fall into two categories: character-special devices and block-special devices. Character-special devices are also called simply character or raw devices. Block-special devices are often called simply block devices. These two categories of device files interact with devices differently.

Character Device Files

The file type "c" identifies character device files. For disk devices, character device files call for I/O operations based on the disk's smallest addressable unit, the sector. Each sector is 512 bytes in size.


Block Device Files

The file type "b" identifies block device files. For disk devices, block device files call for I/O operations based on a defined block size. The block size depends on the particular device, but for UFS file systems, the default block size is 8 Kbytes.

brw-------   1 root     sys      136,  0 Apr  3 11:11 dad@0,0:a


Hard Links

A hard link is the association between a file name and an inode. A hard link is not a separate type of file. Every type of file uses at least one hard link. Every entry in a directory constitutes a hard link. Think of every file name as a hard link to an inode. When you create a file, using touch for example, you create a new directory entry that links the file name you specify with a particular inode. In Figure 4-7, the file called file1 is listed in the directory dir1. In dir1, the name file1 is associated with inode number 1282. In this way, simply creating a new file creates a hard link.

Figure 4-7  Hard Links (diagram)

Information in each inode keeps count of the number of file names associated with it. This is called a link count. In the output from ls -l, the link count displays between the file permissions and the owner column. In the following example, file1 uses one hard link.

# touch file1
# ls -l
total 0
-rw-r--r--   1 root     other          0 Apr  1 15:26 file1

Using the ln command, you can create new hard links to regular files. The command ln file1 file2 creates a new directory entry called file2, associated with the same inode as file1.


Figure 4-8 illustrates the result, where two file names are associated with inode number 1282. These file names are functionally identical. Unlike symbolic links, hard links cannot span file systems.

Figure 4-8  File Names Associated With an Inode Number (diagram)

Creating the new hard link increments the link count. In the example below, inode 1282 now has two hard links: one for file1 and the other for file2. The ls -li command lists the inode number in the leftmost column.

# ln file1 file2
# ls -l
total 0
-rw-r--r--   2 root     other          0 Apr  7 15:26 file1
-rw-r--r--   2 root     other          0 Apr  1 15:26 file2
# ls -li
total 0
      1282 -rw-r--r--   2 root     other          0 Apr  1 15:26 file1
      1282 -rw-r--r--   2 root     other          0 Apr  7 15:26 file2

Deleting one of the file names has no effect on the other. The link count decrements accordingly.

# rm file1
# ls -li
total 0
      1282 -rw-r--r--   1 root     other          0 Apr    15:26 file2
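The hard link and symbolic link behaviour described in this module can be reproduced in a scratch directory. This is an added example, not part of the original training material: the function names are hypothetical, the files are created only for the demonstration, and multi_linked goes one step beyond the text by listing every regular file in a tree that has more than one name.

```shell
#!/bin/sh
# Helpers that read the columns of "ls -lid" the way the text does.
inode_of() { ls -lid "$1" | awk '{ print $1 }'; }   # leftmost column of ls -li
links_of() { ls -lid "$1" | awk '{ print $3 }'; }   # link count, after the permissions
type_of()  { ls -ld "$1" | cut -c1; }               # first character of the mode

# hardlink_demo DIR: repeat the touch / ln / rm sequence inside DIR.
hardlink_demo() {
    dir=$1
    touch "$dir/file1"
    echo "touch file1       : inode $(inode_of "$dir/file1"), link count $(links_of "$dir/file1")"

    ln "$dir/file1" "$dir/file2"        # second name for the same inode
    echo "ln file1 file2    : inode $(inode_of "$dir/file2"), link count $(links_of "$dir/file2")"

    ln -s file1 "$dir/link1"            # separate inode that stores the path "file1"
    echo "ln -s file1 link1 : type $(type_of "$dir/link1"), inode $(inode_of "$dir/link1")"

    rm "$dir/file1"                     # removes one name; the inode stays while file2 exists
    echo "rm file1          : file2 link count $(links_of "$dir/file2")"

    # [ -e ] follows the link, so it fails once the target name is gone.
    if [ -e "$dir/link1" ]; then
        echo "link1 still resolves"
    else
        echo "link1 now dangles: it stored a name, not an inode"
    fi
}

# multi_linked DIR: list regular files under DIR whose link count exceeds 1,
# sorted by inode number so that names sharing an inode appear together.
multi_linked() {
    find "$1" -type f -links +1 -exec ls -li {} + | sort -n
}

# Demo in a throwaway directory.
demo=$(mktemp -d)
hardlink_demo "$demo"
rm -rf "$demo"
```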


The root Subdirectories

The directory tree is organized for administrative convenience. Branches within this tree segregate directories used for different purposes. For example, directories exist to hold files that are private to the local system, files to share with other systems, and home directories.

Logically, all directories fall below the root (/) directory. Physically, all directories can be located on one file system or divided among more than one file system. Every Solaris Operating Environment has a root file system and can have other file systems attached at points within the directory tree.

File systems are structures created on disk slices, and they contain or hold files and directories. The terms file systems and disk slices are only briefly explained here because they are described in detail in subsequent modules.

Note - File systems are described in Module 7. Disk slices are described in Module 6. See also man -s5 filesystem for information on file system organization.

The Solaris Operating Environment is comprised of a hierarchy of critical system directories and files that are necessary for the operating system to function properly.

• / - Root of the overall file system name space.
• /bin - This directory is a symbolic link to the /usr/bin directory. It is the directory location for standard system commands, or binary files.


• /dev - Primary location for logical device names. These are symbolic links that point to device files in the /devices directory. Table 4-1 describes the contents of the /dev directory.

Table 4-1  The /dev Directory Contents

Directory      Description
/dev/cua       Dial out device files for uucp
/dev/dsk       Block disk devices
/dev/fbs       Frame buffer for device files
/dev/fd        File descriptors
/dev/md        Logical volume management meta-disk devices
/dev/pts       Pseudo terminal devices
/dev/rdsk      Raw disk devices
/dev/rmt       Raw magnetic tape devices
/dev/sound     Audio device and audio device control files
/dev/term      Serial devices

• /devices - Primary location for physical device names. These are device files.


• /etc - Host-specific system administrative configuration files and databases. Table 4-2 describes the contents of the /etc directory.

Table 4-2  The /etc Directory Contents

Directory       Description
/etc/acct       Accounting configuration information
/etc/cron.d     Configuration information for cron
/etc/default    Defaults information for various programs
/etc/inet       Configuration files for network services
/etc/init.d     Scripts for changing between run levels
/etc/lib        Dynamic linking libraries needed when /usr is not available
/etc/lp         Configuration information for the printer subsystem
/etc/mail       Mail subsystem configuration information
/etc/nfs        NFS server logging configuration file
/etc/openwin    OpenWindows™ configuration files
/etc/opt        Configuration information for optional packages
/etc/rc#.d      Scripts for entering/leaving run level #
/etc/skel       Default profile scripts for new user accounts

• /export - Default directory for commonly shared file systems, such as users' home directories, client file systems, or other shared file systems.
• /home - Default directory or mount point for users' home directories. When AutoFS is running, you cannot create any new entries in this directory.
• /kernel - Directory of platform-independent loadable kernel modules required as part of the boot process. It includes the generic part of the core kernel that is platform independent, /kernel/genunix.
• /mnt - Convenient, temporary mount point for file systems.


• /opt - Default directory or mount point for add-on application packages.
• /sbin - Essential executables used in the booting process and in manual system failure recovery.
• /tmp - Temporary files; cleared during boot sequence.
• /usr - Mount point for the /usr file system. This directory name is an acronym for UNIX System Resources. Table 4-3 describes the contents of the /usr directory.

Table 4-3  The /usr Directory Contents

Directory       Description
/usr/bin        Location for standard system commands
/usr/ccs        C compilation programs and libraries
/usr/demo       Demonstration programs and data
/usr/dt         Directory or mount point for CDE software
/usr/include    Header files (for C programs, and so on)
/usr/java       Directories containing Java™ technology programs and libraries
/usr/lib        Various program libraries, architecture-dependent databases, and binaries not invoked directly by the user
/usr/openwin    Directories containing OpenWindows programs
/usr/opt        Configuration information for optional packages
/usr/pub        Files for online man page and character processing
/usr/spool      Symbolic link to the /var/spool directory

• /var - Directory for varying files, which usually includes temporary, logging, or status files.


CHAPTER - 11

MAINTAINING FILE SYSTEMS

Objectives

Upon completion of this module, you should be able to:

• Describe why fsck is necessary
• Describe how to check and repair a file system
• Display disk space usage by file systems
• Display disk usage of a directory
• Display disk usage by user name
• Demonstrate how to repair the /etc/vfstab file when the system fails to boot completely


The File System Check Program

A file system can become damaged if it is corrupted from a power failure, a software error in the kernel, a hardware failure, or an improper shutdown of the system. The file system check program, fsck, checks the data consistency of a file system and corrects or repairs any inconsistencies or damage found.

Caution - Never run fsck on a mounted file system. It could leave the file system in an unusable state and delete data. Always run fsck on unmounted file systems only.

Every time a system boots, fsck automatically performs a file system consistency check. fsck checks and repairs any problems encountered in file systems before they are mounted. Mounting a file system with the ufs logging option eliminates the need to run fsck, because logging prevents the file system from becoming inconsistent.

Note -The status of a file system's state flag determines whether the file system needs to be checked by fsck. When the file system is "clean," "stable," or "logging," file system checks are not run.

Data Inconsistencies Checked by fsck The fsck command makes several passes through a file system, each time it scans to check the following types of file system inconsistencies.

The lost+found Directory The fsck command puts files and directories that are allocated but . unreferenced in the lost+ found directory located in that file system. The inode number of each file is assigned as its name. If the lost+found directory does not exist fsck creates it, and if there is not enough space in the lost+found directory fsck increases its size.


However, if a more serious inconsistency is found, and a decision has to be made, the fsck program terminates and leaves the system in single-user mode. You must run fsck interactively to continue.

Interactive Mode

During this process, fsck lists each problem it encountered, followed by a suggested corrective action, in the form of a question that requires a yes or no response. When you respond yes, fsck applies the corrective action and moves on. When you respond no, fsck will often simply repeat the original problem and suggested corrective action, and not move forward until you respond with a yes. For example:

# fsck /export/home
** /dev/rdsk/c0t0d0s7
** Last Mounted on /export/home
** Phase 1 - Check Blocks and Sizes
INCORRECT BLOCK COUNT I=743 (5 should be 2)
CORRECT?

Using the fsck Command

The following examples demonstrate how the root user can use the fsck command to check the integrity of file systems.

• To check a single unmounted file system, execute the following command.

# fsck /dev/rdsk/c0t0d0s7

This is the only way to check a file system that has not been entered in the /etc/vfstab file.

• To check a file system using the mount point directory name as listed in the /etc/vfstab file, execute the following command.

# fsck /opt


The following example has fsck check and repair the file system in non-interactive mode and exit if a serious problem requiring intervention is encountered.

# fsck -o f,p /dev/rdsk/c0t0d0s5
/dev/rdsk/c0t0d0s5: 77 files, 9621 used, 46089 free
/dev/rdsk/c0t0d0s5: (4 frags, 57 blocks, 0.0% fragmentation)

The f option forces checking of the file system regardless of the state of its superblock clean flag.

The p option checks and fixes the file system non-interactively (preen). The program exits immediately if a problem requiring intervention is found. This option is required to enable parallel file system checking.


Troubleshooting with fsck

If problems occur in a file system, you are alerted by fsck. Some of the more common file system errors that require interactive intervention are described in the following sections.

Reconnecting an Allocated Unreferenced File

In this example, the fsck program discovers an inode that is allocated but unreferenced or not linked in any directory. A yes response to the RECONNECT? question causes fsck to save the file to the lost+found directory and name it using the inode number.

** Phase 3 - Check Connectivity
UNREF FILE I=788 OWNER=root MODE=100644
SIZE=19994 MTIME=Jan 18 10:49 1999
RECONNECT? y

To determine what type of file was moved to the lost+found directory by fsck:

1. List the contents of the file system's lost+found directory, for example:

# ls /export/home/lost+found
#788

2. Determine the file type, using the file command, for example:

# file /export/home/lost+found/#788
/export/home/lost+found/#788: ascii text

3. To view the contents of an ASCII text file, use the more or cat command. To view the contents of a binary file, use the strings command. If the file is associated with an application (e.g. a word processing document), it would be necessary to use the application to view the contents of the file.

# cat /export/home/lost+found/#788

4. If the file is intact and you know where it belongs, the file can be copied back to its original location in the file system. For example:

# cp /export/home/lost+found/#788 /export/home/user1/report


Adjusting a Link Counter

In this example, the fsck program discovers that the value of a directory inode link counter and the actual number of directory links are inconsistent. A yes response to the ADJUST? question causes fsck to correct the directory inode link counter from 4 to 3.

** Phase 4 - Check Reference Counts
LINK COUNT DIR I=2 OWNER=root MODE=40755
SIZE=512 MTIME=Jan 18 15:59 1999 COUNT 4 SHOULD BE 3
ADJUST? y

Salvaging the Free List

In this example, the fsck program discovers that the unallocated block count and the free block number listed in the superblock are inconsistent. A yes response to the SALVAGE? question causes fsck to update the information in the file system superblock.

** Phase 5 - Check Cyl groups
CG 0: BAD MAGIC NUMBER
FREE BLK COUNT(S) WRONG IN SUPERBLK
SALVAGE? y

Using Backup Superblocks

Superblock corruption can cause a file system to be unmountable. You know that a file system is unusable when the message "Can't mount file system name" appears. For example:

Can't mount /dev/dsk/c0t0d0s7

This message can appear during a system boot or when manually mounting the file system. If fsck fails because of a corrupted superblock, it returns an error message informing you that it must be run using an alternative superblock backup to recover the file system.


The corrective action is to run fsck using the -o option with the b flag. The b flag is followed by a backup superblock number. Every file system always has an alternate backup superblock at block number 32, which can be given to fsck to repair the main superblock. For example:

# fsck -o b=32 /dev/rdsk/c1t3d0s0
Alternate super block location: 32.
** /dev/rdsk/c1t3d0s0
** Currently Mounted on
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
171 files, 3762 used, 5984 free (79 frags, 748 blocks, 0.1% fragmentation)

The fsck program takes the information in the backup superblock, compares it with the actual file system, and attempts to rebuild the main superblock. If, however, this block is part of the file system that was damaged, it is unusable. You must select another backup superblock for fsck to continue. To list the locations of all the alternate backup superblocks in the file system, run the newfs -N command. For example:

# newfs -N /dev/rdsk/c#t#d#s#

Caution - This method works if the underlying file system was built using the newfs default parameters. If the file system was not built with these defaults, then you must run newfs -N using the identical parameters to generate identical superblock locations.

You use the -N option to print out the file system parameters that would be used to create a new file system without actually creating the file system.


A portion of that printout is a list of all the backup superblock locations that can be used with fsck -o b=#. For example:

# newfs -N /dev/rdsk/c0t0d0s7
/dev/rdsk/c0t0d0s7: 3537040 sectors in 2327 cylinders of 19 tracks, 80 sectors
        1727.1MB in 73 cyl groups (32c/g, 23.75MB/g, 5888 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
 32, 48752, 97472, 146192, 194912, 243632, 292352, 341072, 389792,
 487232, 535952, 584672, 633392, 730832, 779552, 828272, 876992,
 925712, 974432, 1023152, 1071872, 1169312, 1218032, 1266752, 1315472,
 1364192, 1412912, 1461632, 1510352, 1556512, 1605232, 1653952, 1702672,
 1751392, 1800112, 1848832, 1897552, 1946272, 1994992, 2043712, 2092432,
 2141152, 2189872, 2238592, 2287312, 2336032, 2384752, 2433472, 2482192,
 2530912, 2579632, 2628352, 2677072, 2725792, 2774512, 2823232, 2871952,
#

You could use any other alternative superblock number in the list with fsck. For example:

# fsck -o b=535952 /dev/rdsk/c0t0d0s7
Alternate super block location: 535952.
** /dev/rdsk/c0t0d0s7
** Last Mounted on
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
7 files, 14 used, 279825 free (17 frags, 347891 blocks, 0.0% fragmentation)
#


Monitoring File System Usage

An important activity of a system administrator is to monitor file system usage on a regular basis. Four useful commands are available for this task: df, du, ff, and quot.

• df - Display the number of free disk blocks and files.
• du - Summarize disk usage.
• ff - List file names and statistics for a file system.
• quot - Summarize file system ownership.

The df Command

You use the df command to display the amount of disk space occupied by mounted file systems. It lists the amount of used and available space, and how much of the file system's total capacity is used.

Command Format

df [-k] [directory]

Options

-k - Displays usage in Kbytes and subtracts the space reserved by the operating system from the amount of available space.

To display the capacity of file systems, use the following command:

# df -k
file system          kbytes    used   avail  capacity  Mounted on
/dev/dsk/c0t3d0s0     38111   19196   18877     51%    /
/dev/dsk/c0t3d0s6    565503  361529  203409     64%    /usr
/proc                     0       0       0      0%    /proc
fd                        0       0       0      0%    /dev/fd
/dev/dsk/c0t3d0s1     25159    4886   20248     20%    /var
/dev/dsk/c0t3d0s5     27439   20362    7050     75%    /opt
swap                  45980      12   45968      1%    /tmp


The amount of space that is reported as used and avail is less than the amount of total space in the file system. A fraction of space, from 1 percent to 10 percent, is reserved in each file system. When all the reported space on the file system is in use, its capacity is displayed as 100 percent. Regular users receive the message "File System Full" and cannot continue working. The reserved space is still available to root, who can delete or back up files to free space in the file system.

The following lists the fields displayed by df -k:

file system - Mounted file system
kbytes - Size of the file system in Kbytes (1024 bytes)
used - Number of Kbytes used
avail - Number of Kbytes available
capacity - Percentage of file system capacity used
Mounted on - Mount point

The du Command

You use the du command to display the number of disk blocks (512 bytes) used by directories and files.

Command Format

du [-a] [-s] [-k] [directory]


Options

-k - Displays in Kbytes.
-s - Displays only the summary in 512-byte blocks. Using the s and k options together will show the summary in Kbytes.
-a - Displays the number of blocks used by all files and directories within the specified directory hierarchy.

To display disk usage in kilobytes, execute the following:

# cd /opt
# du -k
8       ./lost+found
3       ./SUNWits/Graphics-sw/xil/lib
4       ./SUNWits/Graphics-sw/xil
16      ./SUNWits/Graphics-sw/xgl/demo
38      ./netscape/movemail-src
11392   ./netscape
20362   .

To display disk usage including files, execute the following:

# du -ak /usr
16      /usr/lost+found
2       /usr/X
2       /usr/lib/libICE.so
2       /usr/lib/libICE.so.6
2       /usr/lib/libMrm.so
6       /usr/kvm
        /usr

To display a summary of disk usage, execute the following:

# du -sk /usr
723057  /usr


The ff Command

The ff command provides a list of pathnames and inode numbers of files in the file system. The command output is sorted in ascending inode number order. For example:

# ff /dev/dsk/c1t3d0s5
/dev/dsk/c1t3d0s5:
inode#  pathname
inode#  pathname
inode#  pathname
inode#  pathname
inode#  pathname

The quot Command

The quot command displays how much disk space (in Kbytes) is being used by users.

Note - The quot command can only be run by root.

Command Format

quot [-af] [file system...]

Options

-a - Reports on all mounted file systems
-f - Includes number of files

To display disk space being used by users on all mounted file systems, execute the following:

# quot -af
/dev/rdsk/c0t0d0s0
 14326    1284  root
     1       1  sys
/dev/rdsk/c0t0d0s6 (/usr):
197394    6962  root
161203   11884  bin
  2140     232  lp
     1       1  adm

The columns represent Kbytes used, number of files, and owner, respectively.

To display a count of the number of files and space owned by each user for a specific file system, execute the following:

# quot -f /dev/dsk/c1t0d0s5
/dev/dsk/c1t0d0s5:
134   62  root
103   84  user1
140   32  user9


Troubleshooting

Repairing Important Files if Boot Fails

The /etc/vfstab file is an important system file. If it becomes corrupted or contains editing errors, it can cause the system boot to fail. The following procedure describes how to boot from the Solaris Operating Environment software CD-ROM to edit the /etc/vfstab file.

1. Insert the Solaris Operating Environment software CD-ROM 1 of 2 into the CD-ROM drive.

2. Run a single-user boot from the CD-ROM.

ok boot cdrom -s
Boot device: /pci@1f,0/pci@1,1/ide@3/cdrom@2,0:f File and args -s
SunOS Release 5.8 Version Generic_106541-02 [UNIX(R) System V
Copyright (c) 1983-1999 by Sun Microsystems, Inc.
Configuring the /dev and /devices directories
INIT: SINGLE USER MODE
#

Note - Performing a single-user boot operation from this Software CD-ROM creates an in-memory copy of the / (root) file system, which supports your ability to perform administrative tasks.

3. Use the fsck command on the / (root) partition to check and repair any potential problems in the file system.

# fsck /dev/rdsk/c0t0d0s0

4. If fsck completed successfully, mount the / (root) file system on the /a directory to gain access to the file system on disk.

# mount /dev/dsk/c0t0d0s0 /a

5. Set and export the TERM variable, which enables the vi editor to work properly.

# TERM=sun
# export TERM


6. Edit the /etc/vfstab file and correct any problems. Then exit the file.

# vi /a/etc/vfstab

7. Unmount the file system.

# cd /
# umount /a

8. Reboot the system.

# reboot
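A check that can be run on the edited file between steps 6 and 8, as an added example that is not part of the original training material. The seven-field vfstab layout it tests follows vfstab(4) and is not described in this chapter; check_vfstab, cv_report and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the training material): sanity-check a vfstab
# before rebooting. check_vfstab and cv_report are hypothetical names.
# Real use after step 6:  check_vfstab "$(cat /a/etc/vfstab)"

# Constructed sample with three deliberate mistakes (lines 6, 7 and 8).
SAMPLE_VFSTAB='#device            device             mount         FS    fsck  mount    mount
#to mount          to fsck            point         type  pass  at boot  options
/proc              -                  /proc         proc  -     no       -
/dev/dsk/c0t0d0s1  -                  -             swap  -     no       -
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0 /             ufs   1     no       -
/dev/dsk/c0t0d0s6  /dev/rdsk/c0t0d0s5 /usr          ufs   1     no       -
/dev/dsk/c0t0d0s7  /dev/rdsk/c0t0d0s7 /export/home  ufs   2     yes
/dev/dsk/c0t0d0s5  /dev/rdsk/c0t0d0s5 opt           ufs   2     yes      -'

# cv_report MESSAGE: print one finding and count it.
cv_report() {
    echo "line $cv_n: $1"
    cv_bad=$((cv_bad + 1))
}

# check_vfstab TEXT: print one line per problem found in TEXT.
# Returns 0 when the file looks sane, 1 when at least one problem was found.
check_vfstab() {
    cv_n=0
    cv_bad=0
    while read -r v_dev v_raw v_mnt v_type v_pass v_boot v_opts v_extra; do
        cv_n=$((cv_n + 1))
        case $v_dev in ''|'#'*) continue ;; esac      # blank line or comment
        # Every entry needs exactly seven fields; "-" marks an unused one.
        if [ -z "$v_opts" ] || [ -n "$v_extra" ]; then
            cv_report "expected 7 fields"
            continue
        fi
        case $v_mnt in
            -|/*) ;;
            *) cv_report "mount point $v_mnt is not an absolute path" ;;
        esac
        case $v_pass in
            -) ;;
            *[!0-9]*) cv_report "fsck pass $v_pass is neither - nor a number" ;;
        esac
        case $v_boot in
            yes|no) ;;
            *) cv_report "mount at boot is $v_boot, expected yes or no" ;;
        esac
        # For ufs on a /dev/dsk slice, the fsck device must be the raw
        # (/dev/rdsk) name of the same slice.
        case $v_type:$v_dev in
            ufs:/dev/dsk/*)
                if [ "$v_raw" != "/dev/rdsk/${v_dev#/dev/dsk/}" ]; then
                    cv_report "device to fsck $v_raw does not match $v_dev"
                fi ;;
        esac
    done <<EOF
$1
EOF
    [ "$cv_bad" -eq 0 ]
}
```

The checks are syntactic only: a file that passes can still name a slice that does not exist on the disk.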


CHAPTER - 12

SCHEDULING PROCESS CONTROL

Objectives

Upon completion of this module, you should be able to:

• Start the CDE Process Manager to monitor and control active processes
• Report active process statistics using the prstat command
• Schedule the automatic execution of commands, programs, or scripts using the commands at and crontab
• Define the files used to control user access to the commands at and crontab
• Create and execute an at job
• Describe the location and format of a crontab file
• Demonstrate the steps to create, view, edit, and remove a crontab file


Processes Running on the System

A process is any program that is running on the system. All processes are assigned a unique process identification number (PID), which is used by the kernel to track and manage the process. The PID numbers are used by root and regular users to identify and control their processes.

Viewing Processes and PIDs

The ps (process status) command is the method commonly used for viewing a list of processes currently running on a system. However, there are two other methods for managing processes:

• The CDE Process Manager
• The prstat command

Note - The prstat command is new with the Solaris Operating Environment.


The prstat Command

The prstat command interactively examines and displays information about active processes on the system. This command enables you to view information by specific processes, UIDs, CPU IDs, or processor sets. By default, prstat displays information about all processes sorted by CPU usage.

# prstat

To quit prstat, type q.

Table 10-1 Column Headings for the prstat Command

Column Heading - Description
PID - The process identification number of the process.
USERNAME - The login ID name of the owner of the process.
SIZE - The total virtual memory size of the process.
RSS - The resident set size of the process in kilobytes, megabytes, or gigabytes.
STATE - The state of the process:
    cpu - process is running on the CPU.
    sleep - process is waiting for an event to complete.
    run - process is in run queue.
    zombie - process terminated and parent not waiting.
    stop - process is stopped.
PRI - The priority of the process.
NICE - The value used in priority computation.
TIME - The cumulative execution time for the process.
CPU - The percentage of recent CPU time used by the process.
PROCESS/NLWP - The name of the process. The number of LWPs in the process.

Note - A lightweight process (LWP) is a virtual CPU or execution resource. LWPs are scheduled by the kernel to use available CPU resources based on their scheduling class and priority.


Table 10-2 describes some options for the prstat command.

Table 10-2 Options for the prstat Command

Option - Description
-a - Displays separate reports about processes and users at the same time.
-c - Continuously prints new reports below previous reports.
-n nproc - Restricts the number of output lines.
-p pidlist - Reports only on processes that have a PID in the given list.
-s key - Sorts output lines by key in descending order. The five possible keys are: cpu, time, size, rss, and pri. You can use only one key at a time.
-S key - Sorts output lines by key in ascending order.
-t - Reports total usage summary for each user.
-u euidlist - Reports only processes that have an effective user ID in the given list.
-U euidlist - Reports only processes that have an effective user ID in the given list.


Scheduling the Automatic Execution of Commands

Users can schedule a job for a one-time execution at a specified time by using the at command. Users can schedule a job to be executed repetitively, at regular intervals, by using a crontab file. The cron daemon is responsible for scheduling and running these jobs.

Note - The cron daemon is started at system boot and runs continuously in the background.

The crontab Command

A crontab file is used to automatically execute commands or scripts repetitively, at regularly scheduled intervals. All crontab files are maintained in /var/spool/cron/crontabs/username(s). The crontab command enables the user to view, edit, or remove a crontab file.


The crontab File Format

A crontab file consists of commands, one per line, that will be executed at regular intervals. The beginning of each line contains date and time information that tells the cron daemon when to execute the command. These first five fields are separated by spaces and indicate when the command will be executed.

10 3 * * 0 /usr/lib/newsyslog

• The minute field can hold values between 0 and 59.
• The hour field can hold values between 0 and 23.
• The day-of-month field can hold values between 1 and 31.
• The month field can hold values between 1 and 12, January to December.
• The day-of-week field can hold values between 0 and 6. Sunday is 0.
• The command field contains the command to be run by cron.

Figure 10-3 Fields in a crontab File

The first five fields can follow these format rules:

n - Matches if field value is n
n,p,q - Matches if field value is n, p, or q
n-p - Matches if field has values between n and p inclusive
* - Matches any value (or can be used as a placeholder)


Crontab for the root User

A crontab file, /var/spool/cron/crontabs/root, is provided in the Solaris Operating Environment for the root user. By default, regular users do not have crontab files. The root crontab file contains the following command lines by default:

#ident "@(#)root 1.19 98/07/06 SMI" /* SVr4.0 1.1.3.1 */
#
# The root crontab should be used to perform accounting data collection.
#
# The rtc command is run to adjust the real time clock if and when
# daylight savings time changes.
#
10 3 * * 0,4 /etc/cron.d/logchecker
10 3 * * 0 /usr/lib/newsyslog
15 3 * * 0 /usr/lib/fs/ufs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean

The first line instructs cron to run logchecker at 3:10AM on Sunday and Thursday. The second line instructs cron to run newsyslog at 3:10AM every Sunday. The third line instructs cron to execute nfsfind every Sunday at 3:15AM. The fourth line instructs cron to check daily for Daylight Savings Time and make corrections if necessary. The fifth line instructs cron to check for and remove duplicate entries in the Generic Security Service table, /etc/gss/gsscred_db.
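The field rules and the root crontab above, worked through in an added example that is not part of the original training material: it validates each field against the ranges given earlier and reports which entries are due at a given time. The function names are hypothetical, the sample is a constructed copy of the entries shown above, and the rule that a restricted day-of-month and a restricted day-of-week are each sufficient on their own comes from crontab(1), not from this chapter.

```shell
#!/bin/sh
# Added example (not from the training material): evaluate crontab entries
# with the field rules n / n,p,q / n-p / *. Function names are hypothetical.

# Constructed sample: the active lines of the root crontab shown above.
ROOT_CRONTAB='# The root crontab should be used to perform accounting data collection.
10 3 * * 0,4 /etc/cron.d/logchecker
10 3 * * 0 /usr/lib/newsyslog
15 3 * * 0 /usr/lib/fs/ufs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean'

# is_uint STR: true when STR is a non-empty string of digits.
is_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# field_check FIELD MIN MAX [VALUE]
#   returns 2 if FIELD is malformed or outside MIN..MAX,
#   0 if it is valid and (when VALUE is given) selects VALUE, 1 otherwise.
field_check() {
    fc_rest=$1; fc_min=$2; fc_max=$3; fc_value=$4
    fc_hit=1
    if [ -n "$fc_value" ] && ! is_uint "$fc_value"; then return 2; fi
    [ "$fc_rest" = "*" ] && return 0
    case $fc_rest in ''|,*|*,|*,,*) return 2 ;; esac    # empty list element
    while [ -n "$fc_rest" ]; do
        fc_item=${fc_rest%%,*}                          # first list element
        case $fc_rest in
            *,*) fc_rest=${fc_rest#*,} ;;
            *)   fc_rest= ;;
        esac
        case $fc_item in
            *-*) fc_lo=${fc_item%%-*}; fc_hi=${fc_item#*-} ;;   # range n-p
            *)   fc_lo=$fc_item; fc_hi=$fc_item ;;               # single n
        esac
        is_uint "$fc_lo" && is_uint "$fc_hi" || return 2
        if [ "$fc_lo" -lt "$fc_min" ] || [ "$fc_hi" -gt "$fc_max" ] ||
           [ "$fc_lo" -gt "$fc_hi" ]; then
            return 2
        fi
        if [ -n "$fc_value" ] && [ "$fc_value" -ge "$fc_lo" ] &&
           [ "$fc_value" -le "$fc_hi" ]; then
            fc_hit=0
        fi
    done
    [ -z "$fc_value" ] && return 0
    return "$fc_hit"
}

# entry_due "LINE" [MINUTE HOUR DAY_OF_MONTH MONTH DAY_OF_WEEK]
#   returns 0 if the entry runs at that time, 1 if not, 2 if it is malformed.
#   Without the time arguments it only validates (0 = valid, 2 = malformed).
#   Leaves the entry's command in $f_cmd.
entry_due() {
    read -r f_min f_hour f_dom f_mon f_dow f_cmd <<EOF
$1
EOF
    [ -n "$f_cmd" ] || return 2             # need five fields and a command
    r_min=0;  field_check "$f_min"  0 59 "$2" || r_min=$?
    r_hour=0; field_check "$f_hour" 0 23 "$3" || r_hour=$?
    r_dom=0;  field_check "$f_dom"  1 31 "$4" || r_dom=$?
    r_mon=0;  field_check "$f_mon"  1 12 "$5" || r_mon=$?
    r_dow=0;  field_check "$f_dow"  0 6  "$6" || r_dow=$?
    for r in $r_min $r_hour $r_dom $r_mon $r_dow; do
        if [ "$r" -eq 2 ]; then return 2; fi
    done
    [ "$r_min" -eq 0 ] && [ "$r_hour" -eq 0 ] && [ "$r_mon" -eq 0 ] || return 1
    if [ "$f_dom" != "*" ] && [ "$f_dow" != "*" ]; then
        [ "$r_dom" -eq 0 ] || [ "$r_dow" -eq 0 ]    # both restricted: either day matches
    else
        [ "$r_dom" -eq 0 ] && [ "$r_dow" -eq 0 ]
    fi
}

# due_commands CRONTAB_TEXT MINUTE HOUR DAY_OF_MONTH MONTH DAY_OF_WEEK
#   prints the command of every entry that would run at that time.
due_commands() {
    dc_text=$1
    shift
    printf '%s\n' "$dc_text" | while IFS= read -r dc_line; do
        case $dc_line in ''|'#'*) continue ;; esac      # blank line or comment
        if entry_due "$dc_line" "$@"; then
            printf '%s\n' "$f_cmd"
        fi
    done
}
```

Calling due_commands "$ROOT_CRONTAB" 10 3 7 6 0 (03:10 on a Sunday) prints the logchecker and newsyslog commands, matching the description of the first two entries above.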


Using crontab -l to View a crontab File

To view the contents of the root crontab, run the following command as root:

# crontab -l

This is the same command regular users would run to view the contents of their own crontab file. As root, you can view the contents of any regular user's crontab by running the command:

# crontab -l username

Editing a crontab File

To create or edit a crontab file, follow these steps:

1. Check that the EDITOR variable is set to the editor you want to use. This instructs cron on which editor to use to open the file. For example:

# EDITOR=vi
# export EDITOR

2. Run the following crontab command to open your crontab file, and add the following entry.

# crontab -e
30 17 * * 5 /usr/bin/banner "Time to go!" > /dev/console
:wq

Controlling crontab Access

Control access to crontab with two files in the /etc/cron.d directory:

• /etc/cron.d/cron.deny
• /etc/cron.d/cron.allow


The at Command

The at command is used to automatically execute a job at a specified time, just once.

Command Format

at [-m] [-r job] [-q queuename] [-t time] [date]

Options

The options that can be used to instruct cron on how to execute an at job include:

-t time - Specifies a time for the command to execute. Includes the following formats: h, hh, hh:mm, now, noon, midnight. A 24-hour clock is assumed unless you use am/AM or pm/PM on the command line.
date - Specifies a date for the command to execute. Includes formats such as: month followed by a day number (e.g. Jun 6), name of a day (e.g. Friday), today, tomorrow.
-m - Sends mail to the user after the job has finished. This is the default for root.
-r job - Removes a scheduled at job from the queue.
-q queuename - Specifies a specific queue.


Executing the at Command

To create an at job to run at a specified time to locate and delete core files:

# at 8:45 pm
at> find /export/home/user2 -name core -exec rm {} \;
at>
commands will be executed using /bin/ksh
job 891550468.a at Thu Apr 2 14:45:00 2000

To display information about execution times of jobs:

# at -l [job_id]
897543900.a Thu Apr 2 14:45:00 2000

To display the jobs queued to run at specified times by ranking order:

# atq
Rank  Execution Date      Owner  Job          Queue  Job Name
1st   Apr 2, 2000 14:45   user2  891550468.a  a      stdin

To remove a job from the at queue:

# at -r 891550468.a

To view all the at jobs currently scheduled in the queue:

# ls -l /var/spool/cron/atjobs
-r-S------ 1 user2 staff 634 Apr 2 14:45 891550468.a
-r-S------ 1 user1 staff 321 Apr 2 21:02 952725600.a

Denying at Access

By default, the Solaris Operating Environment includes the file /etc/cron.d/at.deny. This file identifies users who are prohibited from using the at command. The file format is one user name per line.


A user who is denied access to at receives the following message when attempting to use this command:

at: you are not authorized to use at. Sorry.

If the /etc/cron.d/at.deny file exists, but is empty, then all logged in users can access the at command.

Allowing at Access

As root, you can create the file /etc/cron.d/at.allow to list the names of users who are permitted to use the at command. When this file exists, it is read before the /etc/cron.d/at.deny file. If a user name exists in both files, then that user will be denied access to the at command.

When neither the at.deny nor the at.allow file exists, only root can use this command.


CHAPTER - 13

SYSTEM BOOT PROCESS

Objectives

Upon completion of this module, you should be able to:

• Describe the four phases of the boot process
• Identify the directories that contain the kernel and its loadable modules
• Modify the kernel's configuration file
• Describe the eight Solaris Operating Environment run levels
• Define a system's current run level using the who -r command
• Explain the purpose of the /etc/inittab file
• Describe the steps in the init process to bring a system to multiuser mode
• List the directories that hold the run control scripts used to stop and start system processes and services
• Describe the steps to add a new run control script
• Use the following commands to shut down the system: init, shutdown, halt, poweroff and reboot


The Solaris Operating Environment Run Levels

A run level is a digit or a letter representing a system state that defines what services and resources are currently available to users. The system is always running in one run level.

Run levels are sometimes referred to as init states because the init process is used to transition between run levels. You can use the init command to manually initiate run-level transitions. The Solaris Operating Environment has eight run levels, which are described in the following table.

Table 13-1 Solaris Run Levels

Run Level - Function
0 - Shuts down the Solaris Operating Environment and displays the boot PROM ok prompt so it is safe to turn off power to the system.
s or S - Runs as single user with all file systems mounted and accessible.
1 - Indicates system is running in a single-user administrative state with access to all available file systems.
2 - Indicates system is running in multi-user operations. Multiple users can access the system. All system daemons are running except for the NFS server daemons.
3 - Indicates system is running in multi-user operations with NFS resource-sharing available. Specified as the default run level in the /etc/inittab file.
4 - This level is currently not implemented.
5 - Shuts down the Solaris Operating Environment and powers off the system.
6 - Shuts down the system to run level 0, and then reboots to multi-user operations (or the level set as the default in the /etc/inittab file).


Determining a System's Current Run Level

To determine the current run level of a system, use the following command.

# who -r
run level 3    Jun 9 08:30    3    0    S

The fields of the output are:

run level 3 - Current run level
Jun 9 08:30 - Date and time of last run level change
3 - Current run level
0 - Number of times at this run level since last reboot
S - Previous run level


The Boot Process

In general, when a system is turned on, the PROM monitor runs a quick self-test procedure that checks the hardware and memory on the system. If no errors are found, the system begins the automatic boot process. The entire boot process is described by four distinct phases:

1) Boot PROM phase
2) Boot Programs phase
3) Kernel Initialization phase
4) init phase

Boot PROM phase: The following describes the Boot PROM phase:

• PROM runs POST. The boot PROM firmware runs the power-on self-test (POST) to verify the system's hardware and memory.
• The PROM displays the system identification banner, for example, model type, amount of installed memory, PROM version number, PROM serial number, Ethernet address, and host ID.
• Boot determines the boot device.
• Boot locates the bootblk on the boot device.
• Boot loads the bootblk from its location on the boot device into memory.
• The primary boot program, bootblk, is located in a fixed location on the boot device in sectors 1-15. Its purpose is to load the secondary boot program located in the ufs file system on the boot device.

Boot Programs phase: The following describes the Boot Programs phase:

• Bootblk loads the secondary boot program, ufsboot, from the boot device into memory. The path to ufsboot is recorded in the bootblk, which is installed by the Solaris utility installboot.
• Ufsboot locates and loads the appropriate two-part kernel.
• The kernel is comprised of a two-piece static core: the genunix kernel file, and unix, which is the platform-specific kernel file.
• When ufsboot loads these two files into memory, they are combined to form the running kernel.
• On a 32-bit system, the two-part kernel is located in the directory /platform/`uname -m`/kernel. On a 64-bit system, the two-part kernel is located in the directory /platform/`uname -m`/kernel/sparcv9.

Note: To determine the platform name (e.g. the system hardware class), type the command uname -m. For example, typing this command on a Sun Ultra 10 would display: sun4u

The Kernel Initialization phase: The following describes the kernel initialization phase:

• The kernel initializes itself and begins loading modules. The kernel uses ufsboot to read the files. When it has loaded enough modules to mount the root file system, it unmaps the ufsboot program and continues on.
• The kernel reads its configuration file, called /etc/system.
• The kernel starts the /sbin/init process.

The SunOS kernel consists of a small, static core (genunix and unix) and many dynamically loadable kernel modules. Modules can consist of device drivers, file systems, streams, as well as other types used for specific tasks within the system. The modules which comprise the kernel typically reside in the directories /kernel and /usr/kernel. Platform-dependent modules reside in the /platform/`uname -m`/kernel and /platform/`uname -i`/kernel directories. Each subdirectory located under these directories is a collection of similar-type modules.


Figure 13-1 Phases of the Boot Process
Boot PROM phase: PROM runs POST; boot locates boot-device; boot reads bootblk; boot loads bootblk
Boot Programs phase: bootblk loads secondary boot program (ufsboot); ufsboot loads kernel (32-bit kernel or 64-bit kernel)
Kernel Initialization phase: kernel initializes itself; loads modules; reads configuration file /etc/system
init phase: kernel starts /etc/init; init starts rc scripts


Figure 13-2 Module Subdirectories in /kernel (kernel: sys, sched, misc, fs, exec, strmod, drv, genunix)

The following describes the types of module subdirectories contained in the /kernel, /usr/kernel, /platform/`uname -m`/kernel, or /platform/`uname -i`/kernel directories:
• sys - System calls (defined interfaces for applications to use)
• exec - Executable file formats
• fs - File system types, for example, ufs, nfs, and proc
• misc - Miscellaneous modules (virtual swap)
• sched - Scheduling classes (process execution scheduling)
• strmod - Streams modules (generalized connection between users and device drivers)
• drv - Device drivers

The /kernel/drv directory contains all of the device drivers used for system boot. The directory /usr/kernel/drv is used for device drivers.


Modules are loaded automatically as needed, either at boot time or on demand if requested by an application. When a module is no longer in use, it is unloaded on the basis that the memory it uses is needed for another task. The advantage of this dynamic kernel arrangement is that the overall size of the kernel is smaller, making more efficient use of memory and allowing for simpler modification and tuning.

Figure 13-3 Kernel and Modules Loaded In Memory
32-bit kernel: /platform/`uname -m`/kernel/genunix, /platform/`uname -m`/kernel/unix
64-bit kernel: /platform/`uname -m`/kernel/sparcv9/genunix, /platform/`uname -m`/kernel/sparcv9/unix
Module directories: /kernel, /usr/kernel, /platform/`uname -m`/kernel, /platform/`uname -i`/kernel
Memory: static core (genunix, unix), device driver modules, streams modules, FS modules, sched modules

Note - The sparcv9 is the type of CPU that supports 64-bit processing.

Configuring the kernel
The /etc/system file is the control file for specifying which modules and parameters are to be loaded by the kernel at boot time. By default, all lines in this file are commented out. Modifying the kernel's behavior (or configuration) requires editing the /etc/system file. Altering this file allows the system administrator to modify the kernel's treatment of loadable modules, as well as kernel parameters for some performance tuning.


The boot program contains a list of default loadable kernel modules which are loaded at boot time. However, you can override this list by modifying the /etc/system file to control which modules, as well as parameters, are loaded. All changes to this file take effect after a reboot. The /etc/system file explicitly controls:
• The search path for default modules to be loaded at boot time.
• The root type and device.
• The modules not to be loaded automatically at boot time.
• The modules to be forcibly loaded automatically at boot time, rather than at first access.
• The new values to override the default kernel parameter values.

Note - Command lines must be 80 characters or less in length and comment lines must begin with an asterisk (*) and end with a new line character.


Sample /etc/system File
*ident "@(#)system 1.18 97/06/27 SMI" /* SVR4 1.5 */
*
* SYSTEM SPECIFICATION FILE
*
* moddir:
*    Set the search path for modules. This has a format similar to the csh path
*    variable. If the module isn't found in the first directory it tries the second
*    and so on. The default is /kernel /usr/kernel
*    Example:
*        moddir: /kernel /usr/kernel /other/modules
*
* root device and root filesystem configuration:
*    The following may be used to override the defaults provided by the boot program:
*    rootfs:     Set the file system type of the root.
*
*    rootdev:    Set the root device. This should be a fully
*                expanded physical pathname. The default is the
*                physical pathname of the device where the boot
*                program resides. The physical pathname is
*                highly platform and configuration dependent.
*    Example:
*        rootfs:ufs
*        rootdev:/sbus@1,f8000000/esp@0,800000/sd@3,0:a
*    (Swap device configuration should be specified in /etc/vfstab.)
*
* exclude:
*    Modules appearing in the moddir path which are NOT to be loaded, even if referenced.
*    Note that 'exclude' accepts either a module name, or a filename which includes the
*    directory.
*    Examples:
*        exclude: win
*        exclude: sys/shmsys
*
* forceload:
*    Cause these modules to be loaded at boot time, (just before mounting the root
*    filesystem) rather than at first reference. Note that forceload expects a
*    filename which includes the directory. Also note that loading a module does
*    not necessarily imply that it will be installed.
*    Example:
*        forceload: drv/foo
*
* set:
*    Set an integer variable in the kernel or a module to a new value.
*    This facility should be used with caution. See system(4).
*
*    Examples:
*    To set variables in 'unix':
*        set nautopush=32
*        set maxusers=40
*
*    To set a variable named 'debug' in the module named 'test_module'
*        set test_module:debug = 0x13

The /etc/system file is divided into five distinct sections:

• moddir: Sets the search path for default loadable kernel modules. You can list together multiple directories to search, delimited either by blank spaces or colons. If the module is not found in the first directory, it tries the second directory, and so on.

• root device and root filesystem configuration: Sets the root file system type to the listed value. The default is rootfs:ufs. Sets the root device. The default is the physical pathname of the device where the boot program resides. The physical pathname is platform and configuration dependent. For example:
  rootdev:/sbus@1,f8000000/esp@0,800000/sd@3,0:a

• exclude: Does not allow the loadable kernel module(s) to be loaded during kernel initialization. For example:
  exclude: sys/shmsys

• forceload: Forces the kernel module(s) to be loaded during kernel initialization. For example:
  forceload: drv/vx
  The default action is to automatically load a kernel module when its services are first accessed during runtime, by a user or application.

• set: Changes kernel parameters to modify the operation of the system. For example:
  set maxusers = 40

Editing the /etc/system File
Before editing the /etc/system file, you should make a backup copy. If you enter incorrect values in this file, the system might not be able to boot.


The following shows how to copy the original /etc/system file to a backup file, and then edit the /etc/system file.
# cp /etc/system /etc/system.orig
# vi /etc/system
If a boot process fails because of an unusable /etc/system file, issue the interactive boot command: boot -a. When requested to enter the name of the system file, type in the name of your backup system file, or alternatively enter /dev/null for a null configuration file.
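Because every line in the default file is commented out, any active line is a deliberate change worth reviewing before a reboot. The following added example (not part of the original training material; the finding codes and the sample input are constructed for illustration) lists the active directives of an /etc/system file and flags lines that break the rules stated above.

```shell
#!/bin/sh
# Added example: list and sanity-check the active lines of an /etc/system file.
# Finding codes (ACTIVE, NODIR, UNKNOWN, TOOLONG) are names chosen for this example.

# lint_system_file [FILE]   (reads standard input when FILE is omitted)
# Prints one finding per line as "lineno:CODE:detail".
lint_system_file() {
    awk '
    /^[ \t]*$/ { next }     # blank lines carry no directive
    /^\*/      { next }     # comment lines begin with an asterisk
    {
        # Command lines must be 80 characters or less.
        if (length($0) > 80)
            printf "%d:TOOLONG:%d characters\n", NR, length($0)
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        kw = ""
        arg = line
        if (line ~ /^set[ \t]/) {
            kw = "set"
            sub(/^set[ \t]+/, "", arg)
        } else if (match(line, /^[a-z]+:/)) {
            kw = substr(line, 1, RLENGTH - 1)
            arg = substr(line, RLENGTH + 1)
            sub(/^[ \t]+/, "", arg)
        }
        # Only the five sections described above are accepted.
        if (kw !~ /^(moddir|rootfs|rootdev|exclude|forceload|set)$/)
            printf "%d:UNKNOWN:%s\n", NR, line
        # forceload expects a filename which includes the directory.
        else if (kw == "forceload" && arg !~ /\//)
            printf "%d:NODIR:forceload %s\n", NR, arg
        else
            printf "%d:ACTIVE:%s %s\n", NR, kw, arg
    }' "${1:--}"
}

# Constructed sample, not taken from a real system.
sample_system_file() {
    cat <<'EOF'
* constructed sample /etc/system
forceload: drv/vx
forceload: foo
set maxusers = 40
# exclude: sys/shmsys
exclude: sys/shmsys
moddir: /kernel /usr/kernel /other/modules
set some_module:some_very_long_parameter_name_used_only_for_this_constructed_example = 0x13
EOF
}

sample_system_file | lint_system_file
```

On a live system, run lint_system_file /etc/system and compare the ACTIVE lines with the changes you expect to be there.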

The init Phase
The final phase of the boot process is the /etc/init phase. During this phase, init starts the run control scripts, which start other processes. The init process executes rc scripts, which in turn execute a series of other scripts. Once the init phase completes successfully, the system login prompt is displayed.


The /etc/inittab File
When you boot a system, or change run levels with the init or shutdown command, the init daemon starts processes by reading information from the /etc/inittab file. The inittab file defines three important items for the init process:
• The system's default run level.
• What processes to start, monitor, or restart if terminated.
• What actions to take when the system enters a new run level.

Each line entry in the /etc/inittab file has the following four fields:
id:rstate:action:process

The fields in an inittab entry are described in the following table:
id       A 1 to 4 character identifier for the entry.
rstate   One or more run levels to which this entry applies.
action   How the process (in the next field) is to be treated.
process  The command or script to execute.

Figure 13-4 An /etc/inittab File Entry
s3:3:wait:/sbin/rc3 >/dev/msglog 2<>/dev/msglog

Note - Message output from system startup (rc) scripts is directed to /dev/msglog. Previously, all of these messages were written to /dev/console. For more information refer to msglog(7D).

Some possible keywords used in the action field include:

initdefault

Identifies the default run level. Read when init is initially invoked. Used by init to determine which run level to enter initially. The default is run level 3.


Caution - If the rstate field is empty, it is interpreted as 0123456, and init will enter run level 6 as the default. This will cause the system to reboot continuously.

sysinit

Executes the process before init tries to access the console (for example, the console login prompt), init waits for its completion before it continues to read the inittab file.

wait

Starts the process and waits for it to complete before moving to the next entry containing the same run level.

respawn

If the process dies, init will restart it. If the process does not exist, init starts it and continues reading the inittab file. If the process does exist, no action is required, and init continues reading the inittab file.

powerfail

Executes the process only if init receives a power fail signal.

Note — Additional action keywords are available and defined in the inittab man page.
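An added example, not part of the original material, that splits inittab entries into their four fields and reports the empty-rstate initdefault case from the Caution above, along with respawn entries that init keeps restarting. It assumes, per inittab(4), that init enters the highest run level listed in the initdefault rstate field; the finding codes and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit /etc/inittab entries (id:rstate:action:process).
# Finding codes are names chosen for this example.

# inittab_audit [FILE]   (reads standard input when FILE is omitted)
# Prints one finding per line as "lineno:CODE:detail".
inittab_audit() {
    awk '
    /^[ \t]*$/ || /^#/ { next }
    {
        n = split($0, f, ":")
        if (n < 4) { printf "%d:BADFIELDS:%s\n", NR, $0; next }
        id = f[1]; rstate = f[2]; action = f[3]
        # The process field is everything after the third colon.
        proc = f[4]
        for (i = 5; i <= n; i++) proc = proc ":" f[i]
        # The id field is a 1 to 4 character identifier.
        if (length(id) < 1 || length(id) > 4)
            printf "%d:BADID:%s\n", NR, id
        if (action == "initdefault") {
            if (rstate == "") {
                printf "%d:EMPTYRSTATE:treated as 0123456\n", NR
                rstate = "0123456"
            }
            # Assumption from inittab(4): init enters the highest level listed.
            def = ""
            for (i = 1; i <= length(rstate); i++) {
                c = substr(rstate, i, 1)
                if (c ~ /^[0-6]$/ && (def == "" || c > def)) def = c
            }
            printf "%d:DEFAULT:%s\n", NR, def
            # Run levels 0, 5 and 6 stop, power off or reboot the system.
            if (def ~ /^[056]$/)
                printf "%d:SHUTDOWNDEFAULT:run level %s\n", NR, def
        }
        # Processes that init restarts whenever they die.
        if (action == "respawn")
            printf "%d:RESPAWN:%s\n", NR, proc
    }' "${1:--}"
}

# Constructed sample entries, not a real system's inittab.
sample_inittab() {
    cat <<'EOF'
ap::sysinit:/sbin/autopush -f /etc/iu.ap
is::initdefault:
s3:3:wait:/sbin/rc3 >/dev/msglog 2<>/dev/msglog
co:234:respawn:/usr/lib/saf/ttymon -g -h -p "console login: " -d /dev/console
longid:3:wait:/sbin/rc3
not an inittab entry
EOF
}

sample_inittab | inittab_audit
```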


Default /etc/inittab File
The following is an example of the default /etc/inittab file.
ap::sysinit:/sbin/autopush -f /etc/iu.ap
ap::sysinit:/sbin/soconfig -f /etc/sock2path
fs::sysinit:/sbin/rcS sysinit >/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
sS:S:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog
/dev/msglog 2<>/dev/msglog

The following describes each inittab line entry:
1. Initializes STREAMS modules
2. Configures socket transport providers
3. Initializes file systems
4. Defines default run level
5. Describes a power fail shutdown
6. Defines single-user mode
7. Defines run level 0
8. Defines run level 1
9. Defines run level 2
10. Defines run level 3
11. Defines run level 5
12. Defines run level 6
13. Defines transition to firmware
14. Defines transition to power off
15. Defines transition to reboot
16. Initializes Service Access Controller
17. Initializes console

The init Process
The following illustrates the process of bringing a system to the default run level 3.

Figure 13-5 The init Process
The init process reads the /etc/inittab file, sets initdefault to the run level, executes commands with a sysinit entry in the action field, and executes commands with a run level 3 entry in the rstate field. Commands shown: /sbin/autopush, /sbin/soconfig, /sbin/rcS, /sbin/rc2, /sbin/rc3, /usr/lib/saf/sac, /usr/lib/saf/ttymon, followed by the system login.


The /etc/init process reads the /etc/inittab file to do the following:
1. Identify the initdefault entry, which defines the default run level 3.
2. Execute any process entries that have sysinit in the action field so that any special initialization can take place before users log in.
3. Execute any process entries that have 3 in the rstate field, which matches the default run level, 3.

The commands executed at this run level include:
• /usr/sbin/shutdown - The init process runs the shutdown command only if the system has received a powerfail signal.
• /sbin/rcS - Mounts and checks the / (root), /usr, /var, and /var/adm file systems.
• /sbin/rc2 - Starts the system daemons, bringing the system up into run level 2 (multi-user mode).
• /sbin/rc3 - Starts NFS resource sharing for run level 3.
• /usr/lib/saf/sac - Starts or restarts the port monitors and network access for UUCP.
• /usr/lib/saf/ttymon - Starts or restarts the ttymon process that monitors the console for login requests. The terminal type on a SPARC-based system is sun. The terminal type on an IA-based system is AT386.


Run Control Scripts
The Solaris Operating Environment provides a series of run control (rc) scripts to stop and start processes normally associated with run levels.

The /sbin Directory
Each run level has an associated rc script located in the /sbin directory.

Figure 13-6 The /sbin Directory (/sbin contains rc0, rc1, rc2, rc3, rc5, rc6, rcS)

The rc scripts are executed by init to set up variables, test conditions, and make calls to other scripts that start and stop processes for that run level.

The rc scripts rc0, rc5, and rc6 are hard linked. For example:
# cd /sbin
# ls -i rc*
47154 rc0    47156 rc2    47154 rc5    47158 rcS
47155 rc1    47157 rc3    47154 rc6

SunOS provides the same series of rc scripts in the /etc directory for backward compatibility.

These scripts are symbolic link files to the rc scripts in the /sbin directory.
# cd /etc
# ls -l rc?
lrwxrwxrwx   1 root   root   11 Feb 22 14:19 rc0 -> ../sbin/rc0
lrwxrwxrwx   1 root   root   11 Feb 22 14:19 rc1 -> ../sbin/rc1
lrwxrwxrwx   1 root   root   11 Feb 22 14:19 rc2 -> ../sbin/rc2
lrwxrwxrwx   1 root   root   11 Feb 22 14:19 rc3 -> ../sbin/rc3
lrwxrwxrwx   1 root   root   11 Feb 22 14:19 rc5 -> ../sbin/rc5
lrwxrwxrwx   1 root   root   11 Feb 22 14:19 rc6 -> ../sbin/rc6
lrwxrwxrwx   1 root   root   11 Feb 22 14:19 rcS -> ../sbin/rcS
#

The /etc/rc#.d Directories
For each /sbin/rc script, there is a corresponding directory named /etc/rc#.d. The /etc/rc#.d directories contain additional scripts that start and stop system processes for that run level.

Figure 13-7 The /etc/rc#.d Directories (/etc contains rcS.d, rc0.d, rc1.d, rc2.d, and rc3.d, with K# scripts and S# scripts beneath them)

For example, /etc/rc2.d contains scripts used to start and stop processes for run level 2.
# ls /etc/rc2.d
The /etc/rc#.d scripts are always run in the sort order shown by the ls command. These files have names in the form of: [KS][0-9][0-9]*


Files beginning with K are run to terminate (kill) a system process. Files beginning with S are run to start a system process.

Note - File names that begin with a lowercase k or s are ignored by init and they are not executed. To disable a script, rename it with the appropriate lowercase letter.

The /etc/init.d Directory
Run control scripts are located in the /etc/init.d directory. These files are hard linked to corresponding run control scripts in the /etc/rc#.d directories.

Figure 13-8 The /etc/init.d Directory (/etc/init.d contains, for example, cron, dtlogin, lp, nfs.server)

The benefit of having individual scripts for each run level is that scripts in the /etc/init.d directory can be run individually by root. You can turn off a process or start a process without changing the system's run level. For example, to stop and restart the lp print services, run the following scripts with a stop or start command:
# /etc/init.d/lp stop
# /etc/init.d/lp start


Summary of Run Control Scripts and Functions
The following table summarizes the tasks that are performed by each of the /sbin rc scripts.

Table 13-2 Run Control Scripts and Function

rc Script: /sbin/rc0
Function: Runs the /etc/rc0.d/K* scripts to perform the following tasks:
  - Stops system services and daemons
  - Terminates all running processes
  - Unmounts all file systems

rc Script: /sbin/rc1
Function: Runs the /etc/rc1.d scripts to perform the following tasks:
  - Stops system services and daemons
  - Terminates all running processes
  - Unmounts all file systems

rc Script: /sbin/rc2
Function: Runs the /etc/rc2.d scripts to perform the following tasks:
  - Mounts all local file systems
  - Removes any files in the /tmp directory
  - Configures system accounting
  - Configures default router
  - Starts most of the system daemons

rc Script: /sbin/rc3
Function: Runs the /etc/rc3.d scripts to perform the following tasks:
  - Cleans up the /etc/dfs/sharetab file
  - Starts nfsd and mountd

rc Script: /sbin/rc5, /sbin/rc6
Function: Runs the /etc/rc0.d/K* scripts to perform the following tasks:
  - Kills all active processes and unmounts the file systems

rc Script: /sbin/rcS
Function: Runs the /etc/rcS.d scripts to bring the system up to run level S.
  - Establishes a minimal network
  - Mounts /usr, if necessary
  - Sets the system name
  - Checks the / (root) and /usr file systems
  - Mounts pseudo file systems (/proc and /dev/fd)
  - Rebuilds the device entries for reconfiguration boots
  - Mounts other file systems to be mounted in single-user mode


Creating a New Run Control Script
You can create new scripts to start and stop additional processes or services to customize a system. For example, to eliminate the requirement for having to manually start a database server, create a script to automatically start the database server once the appropriate network services have started. You could then create another script to terminate this service and shut down the database server before the network services are stopped. To add run control scripts to start and stop a service, create the script in the /etc/init.d directory and create links in the appropriate /etc/rc#.d directory for the run level in which the service is to be started and stopped.

See the README file in each /etc/rc#.d directory for more information on run control scripts. The following procedure describes how to add a run control script.

1. Create the script in the /etc/init.d directory.
# vi /etc/init.d/filename
# chmod 0744 /etc/init.d/filename
# chown root:sys /etc/init.d/filename

2. Create links to the appropriate /etc/rc#.d directory.
# cd /etc/init.d
# ln filename /etc/rc#.d/S##filename
# ln filename /etc/rc#.d/K##filename

3. Use the ls command to verify that the script has links in the appropriate directories.
# ls /etc/init.d /etc/rc#.d /etc/rc#.d

4. Test the filename by entering the following commands.
# /etc/init.d/filename start
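A check for the result of the procedure above, as an added example that is not part of the original material: it lists the scripts of one rc#.d directory in run order and flags entries that are not hard links to an init.d script or that are writable by group or others, since these scripts run as root at boot. The service name mydb, the output tags, and the temporary directory tree are constructed for the example.

```shell
#!/bin/sh
# Added example: audit one /etc/rc#.d directory against /etc/init.d.
# Output tags (RUN, DISABLED, NOLINK, WRITABLE) are names chosen for this example.

# rc_audit RCDIR INITDIR
rc_audit() (
    LC_ALL=C; export LC_ALL     # C collation: K* sorts before S*
    rcdir=$1
    initdir=$2
    # Inode numbers of the scripts kept in the init.d directory.
    init_inodes=$(ls -i "$initdir" | awk '{ print $1 }')
    for path in "$rcdir"/[KSks][0-9][0-9]*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        case $name in
            # A lowercase k or s means the script is ignored by init.
            [ks]*) echo "DISABLED:$name"; continue ;;
        esac
        echo "RUN:$name"
        # A link made with ln shares its inode with the init.d script.
        inode=$(ls -di "$path" | awk '{ print $1 }')
        echo "$init_inodes" | grep -qx "$inode" || echo "NOLINK:$name"
        # Mode 0744 leaves write permission to the owner only.
        case $(ls -ld "$path" | cut -c1-10) in
            ?????w????|????????w?) echo "WRITABLE:$name" ;;
        esac
    done
)

# Build a constructed tree under a temporary directory and audit it.
# "mydb" is a hypothetical service name.
rc_audit_demo() (
    root=$(mktemp -d) || exit 1
    mkdir "$root/init.d" "$root/rc3.d"
    cat > "$root/init.d/mydb" <<'EOF'
#!/sbin/sh
case "$1" in
start) echo "starting mydb" ;;
stop)  echo "stopping mydb" ;;
*)     echo "Usage: $0 { start | stop }"; exit 1 ;;
esac
EOF
    chmod 0744 "$root/init.d/mydb"
    ln "$root/init.d/mydb" "$root/rc3.d/S99mydb"     # start link
    ln "$root/init.d/mydb" "$root/rc3.d/K10mydb"     # kill link
    ln "$root/init.d/mydb" "$root/rc3.d/s20mydb"     # disabled by lowercase s
    echo '#!/sbin/sh' > "$root/rc3.d/S50stray"       # plain file, not a link
    chmod 0766 "$root/rc3.d/S50stray"
    rc_audit "$root/rc3.d" "$root/init.d"
    rm -rf "$root"
)

rc_audit_demo
```

On a live system the same function can be pointed at the real directories, for example rc_audit /etc/rc3.d /etc/init.d.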


System Shutdown Procedures
You can shut down the Solaris Operating Environment to perform administration tasks or maintenance activities, in anticipation of a power outage, or if you need to move the system to a new location. The Solaris Operating Environment requires a clean and orderly shutdown process, which stops processes, writes data in memory to disk(s), and unmounts file systems. Of course, the type of work you need to do determines how the system is shut down and what command is used. The following describes the different types of system shutdowns.
• Shut down the system to single-user mode
• Shut down the system to stop the Solaris Operating Environment and display the ok prompt
• Shut down the system to turn off power
• Shut down the system automatically and reboot to multi-user mode

The commands available to root for doing these types of system shutdown procedures include:
• /sbin/init (using run levels S, 1, 0, 5 or 6)
• /usr/sbin/shutdown (using run levels S, 1, 0, 5 or 6)
• /usr/sbin/halt
• /usr/sbin/poweroff
• /usr/sbin/reboot

The /sbin/init Command
You can use the init command to shut down, power off, or reboot a system in a clean and orderly manner. It executes the rc0 kill scripts; however, this command does not warn logged-in users that the system is being shut down, and there is no delay.


To shut down the system to single-user mode, use either run level S or 1, for example:
# init S
To shut down the system to stop the Solaris Operating Environment and display the ok prompt:
# init 0
To shut down the system and turn its power off:
# init 5
To shut down the system and then reboot to multi-user mode:
# init 6

The /usr/sbin/shutdown Command
The shutdown command is a script that invokes init to shut down, power off, or reboot the system. It does execute the rc0 kill scripts to shut down processes and applications gracefully. Unlike the init command, the shutdown command does the following:
• Notifies all logged-in users that the system is being shut down
• Delays the shutdown for 60 seconds by default
• Gives you the capability to include an optional descriptive message to inform your users

Command Format
shutdown [ -y ] [ -g grace-period ] [ -i init-state ] [ optional message ]

The -y option is used to pre-answer the final shutdown confirmation question so the command runs without user intervention. The -g grace-period allows root to change the number of seconds from the 60-second default. The -i init-state specifies the state init is to be in. By default, system state S is used.

To shut down the system to single-user mode, enter either run level S or 1, for example:
# shutdown -is
To shut down the system to stop the Solaris Operating Environment and display the ok prompt:
# shutdown -i0
To shut down the system and turn off its power automatically:
# shutdown -i5
To shut down the system and then reboot to multi-user mode:
# shutdown -i6

The /usr/sbin/halt Command
The halt command performs an immediate shutdown. It does not execute the rc0 kill scripts, it does not notify logged-in users, and there is no delay. To shut down the system to stop the Solaris Operating Environment and display the ok prompt:
# halt

The /usr/sbin/poweroff Command
The poweroff command performs an immediate shutdown. It does not execute the rc0 kill scripts, no logged-in users are notified, and there is no delay. To shut down the system and turn off its power:
# poweroff


The /usr/sbin/reboot Command
The reboot command performs an immediate shutdown and brings the system to run level 3 by default. The reboot command differs from the init 6 command because it does not execute the rc0 kill scripts, and it does not notify logged-in users.

To shut down the system and then reboot to multi-user mode:
# reboot


CHAPTER - 14

BACKUP AND RECOVERY

Objectives
Upon completion of this module, you should be able to:
• Identify the logical device names for tape drives
• Define the two different types of file system backups
• Back up a file system to tape using the ufsdump command
• Describe how to back up a file system to a remote tape drive
• Explain the purpose of the /etc/dumpdates file
• Restore a file system from tape using the ufsrestore command
• Describe the procedure for recovering file systems
• Use the tar command to manage multiple archives
• Use the mt command to control the actions of the tape drive


Backing Up and Restoring File Systems
Backing up file systems is the task of copying file systems to removable media, such as tape, to safeguard against loss, damage, or corruption. Restoring file systems means copying reasonably current backup files from removable media back to disk.

Importance of Regular File System Backups
Backing up file systems is one of the most crucial system administration functions. Backups should be performed on a regularly scheduled basis to prevent loss of data due to:
• Accidental deletion of files
• Hardware failures
• Problems when reinstalling or upgrading a system
• System crashes
• System break-in by an unauthorized user compromising data integrity
• Natural disasters


Tape Device Types
Figure 17-1 shows typical tape devices used for storing file systems during the backup process. The media chosen depends on the availability of the equipment that supports it and the media selected to store the data.

Table 17-1 Tape Device Types
Media Type                       Capacity
1/2-inch reel tape               40 Mbytes (6250 BPI)
1/4-inch (QIC) cartridge tape    8 Gbytes
8-mm cartridge tape              40 Gbytes
4-mm DAT cartridge tape          24 Gbytes
DLT 1/2-inch cartridge tape      70 Gbytes

The capacities shown are approximate and continue to increase. Check the documentation that comes with the tape device to determine its capacity.


Tape Device Naming

Logical Tape Device Names
All tape devices have logical device names that are used to reference the device on the command line. These logical device names use the following format:
/dev/rmt/#hn

Figure 17-1 Logical Device Name Format (# is the logical tape number, h is the tape density (l, m, h, c, u), n means no rewind)

For example:
• The first instance of a tape drive: /dev/rmt/0
• The second instance of a tape drive: /dev/rmt/1
• The third instance of a tape drive: /dev/rmt/2

Tape device names are always numbered starting from 0 and can include the following optional parameters:
• No Rewind: The letter "n" at the end of a tape device name indicates the tape is not to be rewound when the current operation completes.
• Tape Density: Five values can be given in the tape device name: l (low), m (medium), h (high), c (compressed), or u (ultra compressed).

Tape densities are dependent on the tape drive. Check the manufacturer's documentation for the correct densities supported by a tape device. The default can also be determined by device entries in the file /kernel/drv/st.conf.

Data Compression
Tape devices that support data compression contain internal hardware that performs the compression. Hardware-based compression is not as space efficient as using the Solaris compress command, though it is much faster. Be aware that if a software-compressed file is backed up using the tape device hardware compression option, the file will expand on tape to a size larger than its compressed version.


Types of File System Backups
As root, you can perform the following types of backups:
• Full - A complete file system backup
• Incremental - Only files in the file system that have been added or modified since a previous backup

The ufsdump Command
The /usr/sbin/ufsdump command is the recommended command for scheduled backups of complete file systems, as it is a resident command in the Solaris Operating Environment.

Note - Other backup programs are available from either Sun Microsystems, Inc., or third-party packages.

Command Format
ufsdump options [ arguments ] filesystem_name
You can use this command to back up a complete or a partial file system to backup media.

Common Options
The following are the common options for the ufsdump command:
• 0-9 - Backup level. Level 0 is for a full backup of the whole file system. Levels 1 through 9 are for incremental backups of files that have changed since the last lower-level backup.
• v - Verify. After each tape is written, verify the contents of the media against the source file system. If any discrepancies occur, prompt the operator to insert new media, then repeat the process. Use this option only on an unmounted file system; any activity in the file system causes it to report discrepancies.
• S - Size estimate. Determines the amount of space needed on tape to perform the backup and displays the estimated number of bytes required.
• l - Autoload. Use this option for an autoloading (stackloader) tape drive.
• o - Offline. When finished, take the drive offline, rewind (if tape), and if possible eject the media.
• u - Update the /etc/dumpdates file. An entry indicates the device name for the file system disk slice, the backup level (0-9), and the date. No record is written when the u option is not used. If an entry already exists for a backup at the same level, it is replaced.
• f - Specify the tape device name where the file system will be copied. When the default tape device (/dev/rmt/0) is being used, it is not necessary to specify this device with the f option; it is assumed.
• file system to backup - Specify one of the following to be backed up: the file system's mount point name (e.g. /usr), or the raw device name (/dev/rdsk/c#t#d#s#).


The /etc/dumpdates File
Each line in the /etc/dumpdates file shows the file system backed up, the level of the last backup, and the day, date, and time of the backup. The following is an example of a typical /etc/dumpdates file:
# cat /etc/dumpdates
/dev/rdsk/c0t2d0s6 0 Fri Jun 2 19:12:27 2000
/dev/rdsk/c0t2d0s0 0 Fri Jun 2 20:44:02 2000
/dev/rdsk/c0t2d0s4 5 Thu Jun 8 19:42:21 2000

When incremental backups are performed, the ufsdump command consults /etc/dumpdates to find the date of the most recent backup of the next lower level. Then it copies all files that were modified or added since the date of that lower-level backup to the backup media. After the backup is complete, a new entry, describing the backup just completed, replaces the entry for the previous backup at that level. You can determine if backups are being done by viewing the /etc/dumpdates file. This is particularly important because a backup that is not completed because of equipment failure will not be recorded in /etc/dumpdates.

Note - When restoring an entire file system, check /etc/dumpdates for a list of the most recent dates and levels of backups, to determine which tapes are needed to restore the entire file system.
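An added example, not part of the original material, that reads /etc/dumpdates entries to answer the two questions raised above: which recorded backup a new level-N dump is measured against, and which backups are needed to restore a whole file system. It assumes, per ufsdump(1M), that the baseline is the most recent recorded dump at any lower level; the function names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: read /etc/dumpdates the way the text describes.
# Function names are chosen for this example.

# Shared awk code: keep the entries for one device, indexed by dump level,
# with a sortable YYYYMMDDHHMMSS key built from the recorded date.
dd_common='
function stamp(mon, day, clock, year,    m) {
    m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", mon) + 2) / 3
    gsub(/:/, "", clock)
    return sprintf("%04d%02d%02d%s", year, m, day, clock)
}
$1 == dev && $2 ~ /^[0-9]$/ {
    key[$2] = stamp($4, $5, $6, $7)
    when[$2] = $3 " " $4 " " $5 " " $6 " " $7
}'

# dump_baseline DEVICE LEVEL [FILE]
# Prints "level date" of the backup a new dump at LEVEL would be measured
# against: the most recent recorded dump at a lower level.
dump_baseline() {
    awk -v dev="$1" -v lvl="$2" "$dd_common"'
    END {
        best = ""
        for (l = 0; l < lvl; l++)
            if ((l in key) && (best == "" || key[l] > key[best])) best = l
        if (best != "") print best, when[best]
    }' "${3:--}"
}

# restore_chain DEVICE [FILE]
# Prints, in restore order, the recorded backups needed to rebuild DEVICE.
# Returns non-zero when no level 0 backup is recorded.
restore_chain() {
    awk -v dev="$1" "$dd_common"'
    END {
        if (!(0 in key)) exit 1
        last = ""
        # A higher level is needed only if it is newer than every
        # lower level already selected; otherwise it is superseded.
        for (l = 0; l <= 9; l++)
            if ((l in key) && key[l] > last) { print l, when[l]; last = key[l] }
    }' "${2:--}"
}

# Constructed sample: slice s6 had a level 0 on Jun 1, levels 4 and 5 during
# the first week, and a new level 3 on the following Monday.
sample_dumpdates() {
    cat <<'EOF'
/dev/rdsk/c0t2d0s6 0 Thu Jun  1 19:12:27 2000
/dev/rdsk/c0t2d0s6 3 Mon Jun 12 19:30:11 2000
/dev/rdsk/c0t2d0s6 4 Tue Jun  6 19:31:40 2000
/dev/rdsk/c0t2d0s6 5 Wed Jun  7 19:29:02 2000
/dev/rdsk/c0t2d0s4 5 Thu Jun  8 19:42:21 2000
EOF
}

sample_dumpdates | restore_chain /dev/rdsk/c0t2d0s6
sample_dumpdates | dump_baseline /dev/rdsk/c0t2d0s6 4
sample_dumpdates | restore_chain /dev/rdsk/c0t2d0s4 ||
    echo "c0t2d0s4: no level 0 backup recorded"
```

In the sample, the level 4 and level 5 entries for slice s6 are older than the new level 3, so only the level 0 and level 3 tapes are needed for a full restore.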


Scheduling Backups

The dump level specified in the ufsdump command (0-9) determines which files are to be backed up. Specifying dump level 0 creates a full backup of the file system.

The numbers 1 through 9 are used to schedule incremental backups, but have no defined meanings. These are just a range of numbers used to schedule cumulative backups. The only meaning levels 1 through 9 have is in relationship to each other, as a higher or lower number. Performing daily, cumulative incremental backups is the most commonly used backup scheme and is recommended for most situations. The following examples illustrate an incremental backup schedule for a particular file system.


A Sample Backup Strategy

The following is an example of using incremental levels to back up a file system.

Figure 17-2 Incremental Backup Strategy

• Full (level 0) backup is performed once each month.

• Level 3 backup is performed every Monday. Copies only new or modified files since the last lower level backup (for example, 0).

• Level 4 backup is performed every Tuesday. Copies only new or modified files since the last lower level backup (for example, 3).

• Level 5 backup is performed every Wednesday. Copies only new or modified files since the last lower level backup (for example, 5).

modified files since use last lower level backup, which is the level


Planning File System Backups

• The file systems to back up

• The number of tapes for backup

• A backup device (for example, tape drive)

• The type of backup (for example, full or incremental)

• The procedures for marking and storing tapes

Finding File System Names

Display the contents of the /etc/vfstab file, and look at the mount point column for the name of the file system.

Determining the Number of Tapes

The size of the file system backup can be determined by using the following command. For example:

# ufsdump 0S filesystem_name

or

# ufsdump 3S filesystem_name

The estimated number of bytes needed on tape to perform the backup is displayed.

Divide the reported size by the capacity of the tape to see how many tapes are needed to back up the file system.


Backing Up to Tape

You should bring the system to single-user mode and unmount the file system before doing a backup. If you cannot unmount the file system, be aware that backing up a file system while operations such as creating, removing, and renaming files are occurring means some data will not be included in the backup.

1. Become root to bring the system to single-user mode and unmount the file systems.

# /usr/sbin/shutdown -y -g300 "System is being shutdown for backup"
Shutdown started.    Mon Jun 5 14:05:45 MDT 2000
Broadcast Message from root (pts/1) on host1 Mon Jun 5 14:05:45...
The system host1 will be shut down in 5 minutes
System is being shutdown for backup

2. Unmount all file systems (except / and /usr).

# umount /export/home

3. Check the integrity of the file system data with the fsck command, but only if the file system has been unmounted.

# fsck /export/home

4. Perform a full level 0 backup of the /export/home file system.

# ufsdump 0uf /dev/rmt/0 /export/home
DUMP: Writing 32 Kilobyte records
DUMP: Date of this level 0 dump: Mon Jun 5 2000 14:10:15 PM MDT
DUMP: Date of last level 0 dump: the epoch
DUMP: Dumping /dev/rdsk/c0t0d0s7 (host1:/export/home) to /dev/rmt/0.
DUMP: Mapping (Pass I) [regular files]
DUMP: Mapping (Pass II) [directories]
DUMP: Estimated 125206 blocks (61.14MB).
DUMP: Dumping (Pass III) [directories]
DUMP: Dumping (Pass IV) [regular files]
DUMP: Tape rewinding
DUMP: 125182 blocks (61.12MB) on 1 volume at 747 KB/sec
DUMP: DUMP IS DONE
DUMP: Level 0 dump on Mon Jun 5 2000 14:10:15 PM MDT


Performing Remote Backups

You can use the ufsdump command to perform a backup on a remote tape device. When doing remote backups across the network, the system with the tape drive must have entries in its /.rhosts file for every system that will be using the tape drive.

Command Format

ufsdump options remotehost:tapedevice filesystem

For example, to perform a full level 0 backup of the /export/home file system on host1 to the remote tape device on host2, use the following command:

# ufsdump 0uf host2:/dev/rmt/0 /export/home
DUMP: Writing 32 Kilobyte records
DUMP: Date of this level 0 dump: Mon 5 Jun 2000 03:10:57 PM MST
DUMP: Date of last level 0 dump: the epoch
DUMP: Dumping /dev/rdsk/c0t0d0s7 (host1:/export/home) to host2:/dev/rmt/0.
DUMP: Mapping (Pass I) [regular files]
DUMP: Mapping (Pass II) [directories]
DUMP: Estimated 125206 blocks (61.14MB).
DUMP: Dumping (Pass III) [directories]
DUMP: Dumping (Pass IV) [regular files]
DUMP: Tape rewinding
DUMP: 125182 blocks (61.12MB) on 1 volume at 704 KB/sec
DUMP: DUMP IS DONE
DUMP: Level 0 dump on Mon 5 Jun 2000 03:10:57 PM MST
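Each /.rhosts entry on the tape host lets root on the named client act as root there without a password, so the file should list only the intended backup clients. The following sh check is an added example, not part of the original training material; audit_rhosts and sample_rhosts are hypothetical names, the sample file is constructed, and skipping lines that begin with # is an assumption.

```shell
#!/bin/sh
# Added example (not from the original course text).
# audit_rhosts and sample_rhosts are hypothetical helper names.

# Constructed sample of /.rhosts on the tape host (host2 on this page).
sample_rhosts() {
    cat <<'EOF'
# backup clients allowed to reach the tape drive
host1 root
host3
+ root
host4 +
host5 operator
EOF
}

# audit_rhosts FILE [EXPECTED_HOST ...]
# Prints one finding per line.
# Returns 0 if the file is clean, 1 if there are findings, 2 on error.
audit_rhosts() {
    f=$1; shift
    expected=" $* "; have_list=$#
    findings=0
    flag() { echo "$1"; findings=$((findings + 1)); }

    [ -f "$f" ] || { echo "$f: not a regular file"; return 2; }

    # Anyone who can write the file can add a trusted host.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) flag "$f: writable by group or other ($mode)" ;;
    esac

    n=0
    while read -r host user rest || [ -n "$host" ]; do
        n=$((n + 1))
        # Blank lines and lines starting with '#' are skipped (assumption).
        case $host in ''|'#'*) continue ;; esac
        case $host in
            +)   flag "line $n: '+' trusts every host" ;;
            +@*) flag "line $n: trust depends on netgroup ${host#+@}" ;;
            -*)  continue ;;                 # explicit deny entry
            *)   if [ "$have_list" -gt 0 ]; then
                     case $expected in
                         *" $host "*) : ;;
                         *) flag "line $n: $host is not an expected backup client" ;;
                     esac
                 fi ;;
        esac
        # In root's .rhosts a user field names who may log in as root.
        case $user in
            ''|root) : ;;
            +) flag "line $n: '+' lets any user on $host act as root" ;;
            *) flag "line $n: user $user on $host can act as root" ;;
        esac
    done < "$f"

    [ "$findings" -eq 0 ]
}

# Demo on the constructed sample, with host1 and host3 as the expected clients.
tmp=$(mktemp) && sample_rhosts > "$tmp" && chmod 600 "$tmp"
audit_rhosts "$tmp" host1 host3 || echo "findings present"
rm -f "$tmp"
```

On the tape host the check would be run as root against /.rhosts with the list of systems that are meant to use the drive.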


Restoring File Systems

Use the ufsrestore command to restore files and file systems that were backed up using the ufsdump command. The reasons why a file system might need to be restored include:

• Rebuilding a damaged file system

• Reinstallation or upgrade of the Solaris Operating Environment software

• Reorganizing file systems on existing or new disks

The ufsrestore command copies files to disk, relative to the current working directory, from backups created using the ufsdump command. Use ufsrestore to reload an entire file system hierarchy from a level 0 backup and incremental backups that follow it, or to restore one or more single files from any dump tape.

Command Format

ufsrestore options [ arguments ] [ filesystem ]
ufsrestore options [ arguments ] [ filenames . . . ]

Common Options

The following describes some options for the ufsrestore command:

• t - Lists the table of contents of the backup media.

• r - Restores the entire file system from the backup media.

• x - Restores only the files named on the command line.

• i - Invokes an interactive restore.

• v - Specifies verbose mode. Displays pathnames to the terminal screen as each file is being restored.

• f - Specifies the tape device name.


The restoresymtable File

A restoresymtable file is created whenever an entire file system is restored from a backup tape. The restoresymtable file is used only by ufsrestore for checkpointing, which is information passed between incremental restores. The restoresymtable file is not needed when the restore is complete and should be removed from the file system.

Preparing to Restore File Systems

The examples that follow demonstrate how to restore individual files, invoke restore in interactive mode to browse the contents of the backup tape, and restore an entire file system. Before restoring files or file systems, you must determine the following:

• What file system backup tapes are needed

• The raw device name to restore the file system

• The temporary directory name to restore individual files

• The type of backup device to be used (local or remote)

• The backup device name (local or remote)


Restoring the / (root) File System

To restore the / (root) file system, boot from the Solaris CD-ROM and then run ufsrestore.

Note - If / (root), /usr, or the /var file system is unusable because of some type of corruption or damage, the system will not boot.

The following procedure demonstrates how to restore the / (root) file system on the boot disk c0t0d0s0.

1. Insert the Solaris Software CD 1 of 2, and boot the CD-ROM with the single-user mode option.

ok boot cdrom -s

2. Create the new file system structure.

# newfs /dev/rdsk/c0t0d0s0

3. Mount the file system to an empty mount point directory, /a, and change to that directory.

# mount /dev/dsk/c0t0d0s0 /a
# cd /a

4. Restore the / (root) file system from its backup tape.

# ufsrestore rf /dev/rmt/0

Note - Remember to always restore a file system starting with the level 0 backup tape and continuing with the next lowest level tape up through the highest level tape.

5. Remove the restoresymtable file.

# rm restoresymtable

6. Install the bootblk in sectors 1-15 of the boot disk. Change to the directory containing the bootblk, and run the installboot command.

# cd /usr/platform/`uname -m`/lib/fs/ufs
# installboot bootblk /dev/rdsk/c0t0d0s0


7. Unmount the new file system.

# cd /
# umount /a

8. Use the fsck command to check the restored file system.

# fsck /dev/rdsk/c0t0d0s0

9. Reboot the system.

# init 6

10. Perform a full backup of the file system. For example:

# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s0

Note - Always back up the newly created file system, as ufsrestore repositions the files and changes the inode allocation.

Restoring the /usr and /var File Systems

To restore the /usr and /var file systems, repeat the steps described above, except step 6. This step is required only when restoring the / (root) file system.

Restoring Regular File Systems

To restore a regular file system (for example, /export/home or /opt) back to disk, repeat the steps described above, except steps 1, 6, and 9.

Example

# newfs /dev/rdsk/c#t#d#s#
# mount /dev/dsk/c#t#d#s# /mnt
# cd /mnt
# ufsrestore rf /dev/rmt/#
# rm restoresymtable
# cd /
# umount /mnt
# fsck /dev/rdsk/c#t#d#s#
# ufsdump 0uf /dev/rmt/# /dev/rdsk/c#t#d#s#


Invoking an Interactive Restore

The ufsrestore i command invokes an interactive interface for browsing through the backup tape's directory hierarchy and selecting individual files to be extracted.

1. Become root and change to a temporary directory to place the extracted files.

# cd /var/tmp

2. Invoke the ufsrestore command with the interactive option.

# ufsrestore ivf /dev/rmt/0
Verify volume and initialize maps
Media block size is 64
Dump date: Mon June 01 15:17:09 2000
Dumped from: the epoch
Level 0 dump of / on host1:/dev/dsk/c0t3d0s0
Label: none
Extract directories from tape
Initialize symbol table.

3. Display the contents of the directory structure on the backup tape.

ufsrestore > ls
    2 *./               39 devices/       30847 net/
    2 *../            5122 etc/           15360 opt/
  161 .Xauthority     5120 export/        25611 proc/
  160 .Xdefaults     10240 home/          15381 sbin/
  159 .rhosts           40 kadb           35863 tmp/
 3085 .wastebasket/  25608 kernel/        30848 tmp_mnt/
    3 bin               35 lib            20480 usr/
 3087 cdrom/             3 lost+found/    25600 var/
25610 dev/           20503 mnt/

To change directories on the backup tape:

ufsrestore > cd etc/inet
ufsrestore > ls

4. Add any file to be restored to the extraction list.

ufsrestore > add inetd.conf hosts


Files to be restored are marked with an asterisk (*) for extraction. If you are extracting a directory, all of its contents are marked for extraction. In this example, two files are marked for extraction, and the ls command displays an asterisk in front of the selected file names: *hosts and *inetd.conf.

To delete a file from the extraction list, use the delete command:

ufsrestore > delete inetd.conf

The ls command now displays inetd.conf without an asterisk.

5. To restore the selected file(s) from the backup tape:

ufsrestore > extract
Extract requested files
You have not read any volumes yet.
Unless you know which volume your file(s) are on you should start
with the last volume and work towards the first.
Specify next volume #: 1
extract file ./etc/inet/hosts
Add links
Set directory mode, owner, and times.
set owner/mode for '.'? [yn] n

6. Exit the interactive restore once the files are extracted.

ufsrestore > quit

7. Check the restored files, move them to their original or permanent directory location, and delete the files from the temporary directory.

# mv /var/tmp/etc/inet/hosts /etc/inet/hosts
# rm -r /var/tmp/etc

Note - Within an interactive restore you can use the help command to display a list of available commands.


Controlling the Tape Drive

The mt command (magnetic tape control) is used to send instructions to the tape drive. Not all tape drives support all mt commands.

Command Format

mt [ -f tape-device-name ] command [ count ]

You use the -f option to specify the tape device name, typically a no-rewind device name.

• status - Displays status information about the tape drive.

• rewind - Rewinds the tape.

• offline - Rewinds the tape and, if appropriate, takes the drive unit off-line by unloading the tape.

• fsf - Forward skips count tape files.

Examples of Handling Multiple Archives

To create a tape archive of the current directory on the default tape drive, without the no rewind option, use the following command:

$ tar cvf /dev/rmt/0 .

The following example creates a tape archive of the current directory, on the default tape drive, using the no rewind option.

$ tar cvf /dev/rmt/0n /etc

This example positions the tape at the beginning of the third tar record.

$ mt -f /dev/rmt/0n fsf 1

To extract all files from tape and place them into the current directory, use the following command:

$ tar xvf /dev/rmt/0


CHAPTER - 15

INTRODUCING DISK MANAGEMENT

Objectives

Upon completion of this module, you should be able to:

• List the three utilities used to create, check, and mount file systems

• Identify the physical path name differences between physical disks and virtual disks

• List the potential advantages of any virtual disk management application

• List the basic difference between Solstice DiskSuite™ and Sun StorEdge Volume Manager™

• List the main advantages of using a concatenated virtual file system

• List the main advantage of using a striped virtual file system

• Install the Solstice DiskSuite applications

• Use the Solstice DiskSuite application to dynamically grow a file system


Physical Disks

In a standard Solaris Operating Environment installation, memory-resident drivers access all physical disks. Each type of disk device has a unique driver.

Typical Physical Disk Drivers

Typical physical disk drivers include:

• dad - IDE disk driver

• sd - The SCSI disk drive driver

For efficiency, most drivers are loaded into memory at system boot time.

Access Paths

The access path to all physical disks is through path names defined in the /dev directory. For every slice on every physical disk, there are two unique access paths: the block device path and the raw device path.

Block Device Path

The block device path is used by commands, utilities, and processes that refer to the slice as a file system. For example, the following are typical block device path names:

• /dev/dsk/c0t0d0s0

• /dev/dsk/c0t0d0s7

The following is a typical mount command using the block device path name:

# mount /dev/dsk/c0t0d0s7 /mnt


Raw Device Path

The raw device access path is used by utilities and processes that do not use the device as a file system but transfer data sector by sector. For example, the following are typical raw device path names:

• /dev/rdsk/c0t0d0s0

• /dev/rdsk/c0t0d0s7

The following are typical commands that can be used with the raw device path name:

# newfs /dev/rdsk/c0t0d0s7
# fsck /dev/rdsk/c0t0d0s7


Virtual Disk Access Paths

A key feature of all virtual volume management applications is that they transparently provide a virtual partition that can consist of many disk partitions. To the Solaris Operating Environment, a virtual partition appears to be the same as any other. The logical device names associated with the virtual partitions are similar to other special devices in that they have both a raw device path and a block device path.

The following are typical virtual volume raw and block device path names for disks created with Solstice DiskSuite:

• /dev/md/rdsk/d42

• /dev/md/dsk/d42

The following are typical virtual volume raw and block device path names for disks created with Sun StorEdge Volume Manager:

• /dev/vx/rdsk/apps/logvol

• /dev/vx/dsk/apps/logvol

System utilities can use virtual volume device paths the same way as any other device path; for example:

# mount /dev/md/dsk/d42 /mnt
# newfs /dev/md/rdsk/d42
# fsck /dev/vx/rdsk/apps/logvol

To eliminate the limitation of one slice per file system, there are virtual volume management applications that can create virtual volume structures in which a single file system can consist of an almost unlimited number of disks or slices. Two virtual volume managers are available through Sun:

• Solstice DiskSuite

• Sun StorEdge Volume Manager


Virtual Volume Management

Solstice DiskSuite and Sun StorEdge Volume Manager assemble large volumes from multiple disk drives, but they use different approaches.

Solstice DiskSuite

Solstice DiskSuite uses standard partitioned disk slices that have been created using the format utility. A typical volume structure is assembled and managed transparently.

Figure 4-1 Solstice DiskSuite Management of Disk Slices (the figure shows /dev/md/dsk/d42, where d42 is called a metadevice, with the slices /dev/rdsk/c0t0d0s7, /dev/rdsk/c0t1d0s4, and /dev/rdsk/c0t2d0s6)


Sun StorEdge Volume Manager

Sun StorEdge Volume Manager manages disk space by using contiguous sectors. The application formats the disks into only two slices, Slice 3 and Slice 4. Slice 3 is called a private area, and Slice 4 is a public area. Slice 3 maintains information about the virtual to physical d mappings, while the sectors in Slice 4 provide space to build the virtual devices. Contiguous sector groups can be configured into subdisks; see Figure 4-2.

Figure 4-2 Sun StorEdge Volume Management of Disk Slices

An advantage of this approach is there is almost no limit to the number of subdisks you can create on a single disk drive. In a standard Solaris-disk partitioned environment, there is an eight-partition limit per disk.


Concatenated Volumes

A concatenated volume combines portions of one or more physical disks into a single virtual structure. The portions are contiguous, and the first portion tends to fill with data before the next portion is used. Figure 4-3 illustrates a sample layout of concatenated volumes.

Figure 4-3 Concatenated Volumes

The following describes some of the features of a concatenated volume:

• It can be used to create a virtual volume that is larger than one physical disk.

• You can grow a file system as needed by concatenating additional physical disk space to it. Using this feature, you can increase the size of a file system while it is mounted and in use.

It is not uncommon for file systems to run out of space due to company expansion that was not anticipated during the system planning phase. As a system administrator, you would be required to increase the size of a file system. The Solstice DiskSuite package that is bundled with the Solaris Operating Environment server release can be used to expand (or grow) the size of a file system using concatenation.


Adding a Disk

Before you can use the disk management tools to configure additional disk space, you must first add the additional device and then modify the device configuration directories to make the device visible to the system. The two methods of making the device visible are:

• A reconfiguration boot

• An execution of the devfsadm daemon

Reconfiguration Boot

Traditionally, you would perform a reconfiguration boot operation to recognize new devices on the system. The three basic methods are:

• Execute a boot -r from the boot PROM's ok prompt

• Execute a reboot -- -r from the # (system's superuser shell) prompt; the -- passes the -r to the boot command

• Create a /reconfigure file and reboot the system

The disadvantage to these methods is that each requires you to reboot the system. In today's computer environments, many systems have a 24 hours a day, seven days a week (24x7) uptime requirement; therefore, rebooting the system to add new devices is not an option.

The devfsadm Daemon

For systems that have a 24x7 uptime requirement, you can add new devices without requiring a reboot. Before the Solaris Operating Environment, you needed a suite of devfs administration tools, including drvconfig(1M), disks(1M), tapes(1M), ports(1M), audlinks(1M), and devlinks(1M) to create the /dev and /devices entries necessary for the Solaris Operating Environment to access new devices. These commands still exist in the Solaris Operating Environment; however, each of them is linked to the new devfsadm administration command that maintains the name space for /dev and /devices entries.


Therefore, after adding new hardware (or hot-pluggable hardware where permitted), the devfsadm command is executed, thereby transparently building the necessary configuration entries. The new device is then ready for assignment by the system.


CHAPTER - 16

INTRODUCING THE SOLARIS NETWORK ENVIRONMENT

Objectives

Upon completion of this module, you should be able to:

• Define the function of each layer within the seven-layer Open Systems Interconnect (OSI) model and the five-layer Transmission Control Protocol (TCP)/Internet Protocol (IP) model

• Describe the contents of various network control files

• Construct command strings to perform basic monitoring operations on an active network

• Start and stop network services using the command line


Overview

The standard Solaris Operating Environment comes with the TCP/IP stack built into it. To understand the protocol stack, you must understand network models. The most commonly referred to networking models are the seven-layered International Standards Organization (ISO) / OSI model and the five-layered TCP/IP network model. Both models provide a framework for describing data communications.

Note - The U.S. Department of Defense created the TCP/IP model.

This module references the TCP/IP model.


The Function of the Layers

Each layer in either of the two network models describes a specific network function. Each function supports the layer above and receives support from the layer below. The separation of the data-communication process into distinct functions makes it easier for developers to design network components that inter-operate with each other, regardless of the vendor. Each layer uses separate protocols, such as the IP or the TCP, to complete the required tasks for the particular layer.

The functions of data delivery and connection management are handled by separate protocols. The data delivery protocol is simple and does not deal with connection management. Conversely, the connection management protocol is also simple because it does not concern itself with data delivery. This separation of the data delivery functions from the connection management functions helps to simplify development using these protocols.

Figure 2-1 ISO/OSI and TCP/IP Model Layers


Protocol layering produces simple protocols, each with a few well-defined tasks. You can then assemble these protocols into a useful whole. You can also remove or replace individual protocols as needed for particular applications. The functions of the individual layers of the ISO/OSI model are described in Table 2-1.

Table 2-1 ISO/OSI Network Model

ISO/OSI Layer - Function

Application - Manages user-accessed application programs and network services (using the underlying layers).

Presentation - Manages the presentation of the data to be independent of the architecture.

Session - Manages communication setup and termination.

Transport - Ensures that messages reach the correct application.

Network - Manages data addressing and delivery between networks, as well as fragmenting data for the Data Link layer. A router functions at this layer by using IP addresses.

Data Link - Manages the delivery of data across the physical network. This layer provides error detection and packet framing. A bridge/switch functions at this layer. Delivery decisions are based on the Ethernet address (also known as the Media Access Control [MAC] address).

Physical - Describes the network hardware, including electrical signal characteristics, such as voltage and current. A repeater functions at this layer.

The functions of the individual layers of the TCP/IP model are listed in Table 2-2.

Table 2-2 TCP/IP Network Model

TCP/IP Layer - Function

Application - Manages user-accessed application programs and network services (using the underlying layers), and manages the presentation of the data to be independent of the architecture.

Transport - Ensures that messages reach the correct application.

Internet - Manages data addressing and delivery between networks, as well as fragmenting data for the data link layer. A router functions at this layer by using IP addresses.

Network Interface - Manages the delivery of data across the physical network. This layer provides error detection and packet framing. A bridge/switch functions at this layer. Delivery decisions are based on the Ethernet address (also known as the Media Access Control [MAC] address).

Hardware - Describes the network hardware, including electrical signal characteristics, such as voltage and current. A repeater functions at this layer.


Peer Communication

In contrast to the client/server model, the peer-to-peer communication model is one in which each party has the same capabilities and either party can initiate communication.

Encapsulation and De-encapsulation

When systems communicate with each other, data can be thought of as flowing down the model from the application layer to the hardware layer, across the network connection, and then flowing up the model on the target system from the hardware layer to the application layer. A header is added to each segment received on the way down the model, and a header is removed from each segment on the way up the model, as shown in Figure 2-2. Each header contains specific address information so that the layers on the remote system know how to forward the communication.

Figure 2-2 Simplified Encapsulation and De-encapsulation Between System 1 and System 2 Using the TCP/IP Model


Common Protocols and Applications in the Solaris Operating Environment

A protocol is a set of rules governing the exchange of data between _. Protocols can exist at each layer in a telecommunication session. Both end points must recognize and observe the protocols.

Protocols are described in an industry or international standard. For example, on the Internet, there are the TCP/IP protocols consisting of:

• Transmission Control Protocol (TCP), which uses a set of rules to exchange messages with other Internet points at the information packet level.

• Internet Protocol (IP), which uses a set of rules to send and receive messages at the Internet-address level.

Specific protocols are related with each layer of the network models. Table 2-3 shows some of the protocols associated with each layer of the TCP/IP network model.

Table 2-3 Protocols and Network Model Layers

TCP/IP Layer - TCP/IP Protocol and Applications

Application - NFS/NIS+, DNS, SMTP, DHCP, SNMP, HTTP, RPC, RIP, rlogin, telnet, and ftp

Transport - TCP and UDP

Internet - IP, ARP, RARP, and ICMP

Network interface - Ethernet, ATM, FDDI, and PPP


TCP/IP Protocol Descriptions

The following sections describe the TCP/IP protocols.

Network Interface Layer Protocols

The network interface layer protocols consist of the following:

• Ethernet is a type of local area network (LAN) that enables real-time communication between machines connected directly through cables.

• Asynchronous Transfer Mode (ATM) is a dedicated, connection-switching technology that organizes digital data into 53-byte cell units and transmits them over a physical medium using digital signal technology.

• Fiber Distributed Data Interface (FDDI) specifies a 100-Mbytes-per-second, token-passing, dual-ring LAN using a fiber-optic transmission medium. It defines the physical layer and media-access portion of the link layer.

• Point-to-Point Protocol (PPP) transmits IP datagrams over serial point-to-point links.

Internet Layer Protocols

The internet layer protocols consist of the following:

• Internet Protocol (IP) determines the path a packet must take, based on the destination host's IP address. Both IPv4 and IPv6 are supported.

• Address Resolution Protocol (ARP) defines the method that maps a 32-bit IP address to a 48-bit Ethernet address.

• Reverse Address Resolution Protocol (RARP) is the reverse of ARP. It maps a 48-bit Ethernet address to a 32-bit IP address.

Note - ARP and RARP are not used in Internet Protocol, version 6 (IPv6).




Internet Control Message Protocol (ICMP) defines a set of error and diagnostic feedback messages for the IP. ICMP has support for IPv4 (with ICMPv4) and IPv6 (with ICMPv6).

Transport Layer Protocols The transport layer protocols consist of the following: •

Transmission Control Protocol (TCP) is a connection-oriented protocol that provides the full duplex, reliable service on which many application protocols depend.



User Datagram Protocol (UDP) provides a half-duplex, non-acknowledged delivery service.

Application Layer Protocols

The application layer protocols consist of the following:

• Network File System (NFS) is a client-server application that enables you to view and, optionally, store and update files on a remote system as though they were on your own system.

• Network Information System (NIS) and Network Information System Plus (NIS+) are network-naming and administration systems.

• Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses in an organization's network.

• Domain Name System (DNS) is a distributed database that maps host names to IP addresses.

• Hypertext Transfer Protocol (HTTP) is used by the world wide web to display text, pictures, sounds, and other multimedia information with a web browser.

• Remote Procedure Call (RPC) is a protocol that one program can use to request service from a program on another system in the network without needing to understand network details.

• Routing Information Protocol (RIP) provides for automated distribution of routing information between systems.




• Simple Mail Transport Protocol (SMTP) provides for delivery of mail messages.

• Simple Network Management Protocol (SNMP) is the language that allows for the monitoring and control of network devices.

• rlogin is a service, offered primarily by UNIX® systems, which enables users of one system to connect to other systems across the intranet, and to interact as if their terminals were connected to the systems directly.

• telnet is a service that enables users of one system to connect to other systems across the intranet, and to interact as if their terminals were connected to the systems directly.

• File Transfer Protocol (FTP) transfers a file by copying a file from one system to another system.


Network Files and Commands

You must configure network interfaces to allow peer-to-peer communication. You can use many files and commands to manipulate the networking characteristics of a system installed with the Solaris Operating Environment. This section introduces you to some of the common files and commands, including those used for:

• Identifying a host

• Determining network configuration

• Troubleshooting a network

• Providing network services

• Providing remote procedure calls


Displaying the MAC Address

There are numerous ways to display a system's hardware address, also known as the media access control (MAC) address and as the Ethernet address. The MAC address is usually required by system administrators when configuring a system needing to be jump-started.

The ifconfig -a Command

You can use the ifconfig command with the -a switch to display the system's hardware address. This address is displayed only if the root user issues the ifconfig command. Only the IP address information is displayed if a non-root user issues the ifconfig command.

# ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.10.25 netmask ffffff00 broadcast 192.168.10.255
        ether 8:0:20:a2:11:de

The banner Command

You can also retrieve the MAC address from a system that has not yet been booted by typing banner at the ok prompt.

ok banner
Sun Ultra 5/10 UPA/PCI (UltraSPARC-II 300MHz), Keyboard Present
OpenBoot 3.1.1 64 MB memory installed, Serial #9361102.
Ethernet address 8:0:20:8e:d6:ce, Host ID: 808ed6ce.


Configuring Interfaces at Boot Time

System interfaces can be automatically configured at boot time if the supporting files have appropriate entries.

The /etc/rcS.d/S30network.sh File

The /etc/rcS.d/S30network.sh file is one of the startup scripts that are run each time the system is booted. This script uses the ifconfig utility to configure each interface with an IP address and other required network information. The script searches for files called hostname.xxn in the /etc directory, where xx is an interface type and n is the instance of the interface. The /etc/hostname.hme0 file is an example of a host-name file.

Note - This is a new file in the Solaris Operating Environment. It is functionally similar to the file /etc/rcS.d/S30rootusr in older Solaris releases.

The /etc/hostname.xxn File

The /etc/hostname.xxn file contains only an entry for the interface. This host name must exist in the /etc/hosts file so that it can resolve to an IP address at system boot time. An example of the file contents is:

# cat /etc/hostname.hme0
host1
#

Note - Creating an empty /etc/hostname6.xxn file causes the Solaris Operating Environment to automatically configure an IPv6 interface. This also occurs if IPv6 is enabled during installation of the Solaris Operating Environment.


The /etc/hosts File

The /etc/hosts file contains at least loop-back and host information. For example:

# cat /etc/hosts
#
# Internet host table
#
127.0.0.1       localhost       loghost
192.168.10.25   host1

The localhost and loghost are both assigned to the loop-back address and the interface name, host1, is assigned to a different IP address.


Important Files and Utilities

The following files and commands play a key role in the administration of the Solaris Operating Environment.

The /etc/nodename File

Each Solaris Operating Environment has a host name, which is used by persons when referring to a system. You can change the host name by editing the /etc/nodename file and rebooting. The following is an example of a system's /etc/nodename file:

# cat /etc/nodename
host1

A system's host name and the name of its network interfaces do not need to be the same and are often different.

Determining the Current Network Configuration

Use the ifconfig -a command to display the settings of all configured interfaces; for example:

# ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.10.25 netmask ffffff00 broadcast 192.168.10.255
        ether 8:0:20:a2:11:de
hme1: flags=1000843 mtu 1500 index 2
        inet 192.9.200.201 netmask ffffff00 broadcast 192.9.200.255
        ether 8:0:20:a2:11:de

The hme0 interface is up, running, and configured with 192.168.10.25 as its IP address.


You can also use the ifconfig utility to manually change the IP address of an interface. For example, to change the IP address to 192.168.10.37, execute the following commands:

# ifconfig hme0 down
# ifconfig hme0 192.168.10.37 up
# ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.10.37 netmask ffffff00 broadcast 192.168.10.255
        ether 8:0:20:a2:11:de
hme1: flags=1000843 mtu 1500 index 2
        inet 192.9.200.201 netmask ffffff00 broadcast 192.9.200.255
        ether 8:0:20:a2:11:de

Network Troubleshooting Utilities

Two of the most common network troubleshooting utilities are the packet internet groper (ping) and the snoop utility. Use the ping utility to determine if another system can be contacted over the TCP/IP network. For example:

# ping host2
host2 is alive

A response of no answer from host2 indicates that host2 is not available on the network.

Use the snoop utility to determine what information is actually traveling between systems. The snoop utility can show what actually happens when one system uses the ping utility to communicate with another system. For example:

# snoop host1 host2
host1 --> host2 ICMP Echo request
host2 --> host1 ICMP Echo reply

The snoop utility can also use audible clicks to notify you of any network traffic by using the -a switch. Although noisy, this is especially useful when troubleshooting a JumpStart™ or Dynamic Host Configuration Protocol (DHCP) boot without the help of a second person in a large room.


For example, to hear audible clicks for all network traffic related to a DHCP boot, execute the following:

# snoop -a dhcp

Some additional snoop options include:

• snoop -V
  Provides a summary verbose output

• snoop -v
  Provides a detailed verbose output

• snoop -o filename
  Redirects the snoop activity output to filename

• snoop -i filename -V | more
  Displays packets that were previously captured in filename


Network Services

Each network service requires a server process to respond to a client request.

The Internet Service Daemon (inetd)

A special network process, inetd, runs on each system to listen on behalf of many server processes that are not started at boot time. The inetd process starts these server processes when the appropriate service is requested. The inetd process is informed of the services to listen for and the corresponding processes to start through the /etc/inet/inetd.conf file. For example:

# grep ftp /etc/inet/inetd.conf
ftp stream tcp nowait root /usr/sbin/in.ftpd

If a change is made to the /etc/inet/inetd.conf file, a hang-up signal must be sent to the inetd process to force it to reread the configuration file. For example:

# pkill -HUP inetd

Port Numbers

Each network service uses a port that represents an address space, which is reserved for that service. A client usually communicates with a server through a well-known port. Well-known ports are listed in the /etc/services file. For example:

# grep telnet /etc/services
telnet 23/tcp
#

The example shows that the telnet service uses well-known port 23 and uses the TCP protocol.


Remote Procedure Call (RPC)

Each network service must have a unique port number that is agreed upon by all hosts in the network. This is an increasingly difficult task given the number of systems on any network and the number of network services that the systems are capable of running. Sun Microsystems™ developed an extension to the client-server model known as a remote procedure call (RPC). When using an RPC service, a client connects to a special server process, rpcbind, which is a well-known registered Internet service. The rpcbind process registers port numbers associated with each RPC service listed in the /etc/rpc file. The rpcbind process receives all RPC-based client application connection requests and sends the client the appropriate server port number. For example, the sprayd entry is listed in the /etc/rpc file, and looks like the following:

# grep spray /etc/rpc
sprayd 100012 spray
#

This shows that the sprayd daemon has a program number of 100012 and is also known as spray.

Checking for Registered Services

Use the rpcinfo utility with the -p switch to list registered RPC programs. For example, to determine if the sprayd daemon is registered, execute the following:

# rpcinfo -p host1 | grep sprayd
100012 1 udp 32805 sprayd
#


Stopping a Network Service

Use the rpcinfo utility with the -d switch to unregister an RPC program, which effectively stops the service. For example, to stop the spray service, execute the following:

# rpcinfo -d sprayd 1

To verify the service has been stopped, execute the following:

# rpcinfo -p | grep sprayd
#

Starting a Network Service

You can register RPC network services by sending an HUP (Hangup) signal to the inetd process. For example, to start the spray service again, execute the following:

# pkill -HUP inetd

To verify the service has been registered again, execute the following:

# rpcinfo -p | grep sprayd
100012 1 udp 42288 sprayd


Check Your Progress

Before continuing on to the next module, check that you are able to accomplish the following:

• Define the function of each layer within the seven-layer OSI model and the five-layer TCP/IP model

• Describe the contents of various network control files

• Construct command strings to perform basic monitoring operations on an active network

• Start and stop network services using the command line


CHAPTER - 17 SOLARIS OPERATING ENVIRONMENT syslog

Objectives

Upon completion of this module, you should be able to:

• Configure syslog message routing

• Modify log message priority and severity

• Determine the effect of the LOGHOST variable on the syslog process

• Describe the two methods of starting the syslogd daemon

• Add entries to a system log using the logger utility


The syslog Facility

The syslog() function sends messages generated by the kernel and system utilities to the syslogd daemon. Depending on the configuration of the /etc/syslog.conf file, this daemon can:

• Write messages to a system log

• Write messages to the system console

• Forward messages to a list of users

• Forward messages to the syslogd on other hosts over the network

The most valuable feature of syslog is that it puts you in control of message logging. This enables you to decide which messages are to be kept and where the messages are to be placed.


The syslog Concept

Figure 3-1 The syslog concept. Programs and processes (the kernel, daemons, user processes, and the logger command) generate messages; syslogd reads /etc/syslog.conf and logs, writes, or forwards the messages to their destinations.


Controlling the Behavior of syslogd

Many processes are programmed to generate messages at various levels of importance in response to actions taken, or conditions encountered, during operation. You can control the manner in which syslogd manages these messages by modifying the /etc/syslog.conf configuration file. From this configuration file, you can instruct syslogd to sort messages by their source or their importance and route them to a specified destination.


Configuring the /etc/syslog.conf File

A configuration entry in the /etc/syslog.conf file consists of two tab-separated fields: selector and action. The selector field consists of a facility and a level written as facility.level. Facilities represent categories of system processes that can generate messages. Levels represent the severity or importance of the message. The action field determines where to send the message. For example, placing the following entry in the /etc/syslog.conf file causes error messages for all facilities to be sent to the /var/adm/messages file:

*.err	/var/adm/messages

where

*.err               Is the selector field; * is the facility, . is the delimiter, and err is the level of the message
/var/adm/messages   Is the action field

Caution - Only use tabs as white space in the /etc/syslog.conf file.

Selector Field

The selector field is a semicolon-separated list of priority specifications of the form:

facility.level;facility.level


Facility is a system facility that is defined by the items shown in Table 3-1.

Table 3-1 Facility

kern       Messages generated by the kernel.
user       Messages generated by user processes. This is the default priority for messages from programs or facilities not listed in this file.
mail       The mail system.
daemon     System daemons, such as in.ftpd and telnetd
auth       The authorization system including login, su, and getty.
syslog     Messages generated internally by syslogd
lpr        The line printer spooling system - lpr and lpc.
news       Files reserved for the USENET network news system.
uucp       The UNIX-to-UNIX copy (UUCP) system; does not use syslog.
cron       The cron and at facilities, including crontab, at, and cron.
local0-7   A field reserved for local use.
mark       Time-stamp messages produced internally by syslogd
*          All facilities, except the mark facility.

Note - You can use the * to select all facilities (for example, *.err); however, you cannot use it to select all levels for a facility (for example, kern.*).


Level is the severity of the message. Levels in descending order of severity are shown in Table 3-2.

Table 3-2 Levels

emerg      Panic conditions that are normally to be broadcast to all users.
alert      Conditions that should be corrected immediately, such as a corrupted system database.
crit       Warnings about critical conditions, such as hard device errors.
err        Other errors.
warning    Warning messages.
notice     For conditions that are not error conditions, but might require special handling.
info       Informational messages.
debug      Messages that are normally used only when debugging a program.

The none message is normally used only when debugging a program. The none message appears when messages are not sent from the indicated facility to the selected file; for example, a selector of *.debug;mail.none sends all messages except mail messages to the selected file.

Note - Not all levels of severity are implemented for all facilities in the same way. For more information, refer to the online manual pages.


Action Field

The action field defines where the message should be forwarded. It can have any one of the following forms:

• /filename
  The absolute path for the log file is required.

  Note - This file must be manually created if it does not exist.

• @host
  You must prefix the host name or IP address with an @ sign. Messages are forwarded to the syslogd of the remote system.

• user1, user2
  user1 and user2 receive messages if they are logged in.

• *
  All logged-in users will receive messages.


The /etc/syslog.conf File

A sample /etc/syslog.conf configuration file is:

#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998, by Sun Microsystems, Inc.
# All rights reserved
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m.....
.....LOGHOST', /var/log/authlog, @loghost)
mail.debug	ifdef(`LOGHOST', /var/log/authlog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err	/dev/sysmsg
user.err	/var/adm/messages
user.alert	`root, operator'
user.emerg	*
)


Starting and Stopping syslogd

The configuration file is read each time syslogd starts. The /etc/rc2.d/S74syslog file starts syslogd during each system boot. You can manually start or stop syslogd, if the configuration file has been modified, with the command:

# /etc/init.d/syslog start | stop


syslogd and the m4 Macro Processor

The syslogd daemon, the m4 macro processor, and the /etc/syslog.conf file interact, in conceptual phases, to determine correct message routing. These conceptual phases are described as:

1. syslogd runs m4.
2. m4 processes ifdef statements in /etc/syslog.conf.
3. syslogd uses m4 output to route messages to the appropriate places.

On first evaluation, it appears the syslogd daemon receives message-log routing information from the /etc/syslog.conf file. However, syslogd does not read the /etc/syslog.conf file directly. Instead, syslogd starts m4, which parses the /etc/syslog.conf file for ifdef statements that can be interpreted by m4. If m4 does not recognize any m4 commands on a line, it passes the output back to syslogd as a two-column output that syslogd then uses to route messages to appropriate destinations. If m4 encounters an ifdef statement within the /etc/syslog.conf file, the ifdef is evaluated for a true or false condition, and message routing occurs relative to the output of the test.

Figure 3-2 The m4 Macro Processor


Detailed Operation

You must first consider two examples of the host system's /etc/hosts file.

Note - These /etc/hosts file examples have been excerpted for brevity.

Example A

192.9.200.1 host1 loghost
192.9.200.2 host2

Example B

192.9.200.1 host1
192.9.200.2 host2 loghost

You must next consider two examples of the m4 command line.

1. /usr/ccs/bin/m4 /etc/syslog.conf
2. /usr/ccs/bin/m4 -D LOGHOST /etc/syslog.conf


Phase 1

When syslogd starts on boot, syslogd evaluates the /etc/hosts file to check the IP address associated with the hostname compared to the IP address associated with the loghost.

In Example A, host1 and loghost are both associated with IP address 192.9.200.1; therefore, syslogd runs the second command line, /usr/ccs/bin/m4 -D LOGHOST, that causes the m4 LOGHOST variable to be evaluated as TRUE during the parsing of the /etc/syslog.conf file.

In Example B, host1 is associated with IP address 192.9.200.1, while host2 and loghost are both associated with IP address 192.9.200.2; therefore, syslogd runs the first command line, /usr/ccs/bin/m4 (no -D LOGHOST), that causes the m4 LOGHOST variable to be evaluated as FALSE during the parsing of the /etc/syslog.conf file.


Phase 2

In the second phase, the m4 macro processor parses the /etc/syslog.conf file. For each uncommented line that is parsed, m4 searches the line for an ifdef statement. If no ifdef is encountered on the line, m4 passes the line back to the syslogd daemon. If m4 finds a line with an ifdef statement, the line is evaluated for the TRUE or FALSE condition of the LOGHOST variable, and m4 passes syslogd the output, accordingly. For example,

mail.debug	ifdef(`LOGHOST', /var/log/authlog, @loghost)

Consider, if the LOGHOST variable was evaluated as TRUE in Phase 1, then the m4 processor returns:

mail.debug	/var/log/authlog

If the LOGHOST variable was evaluated as FALSE in Phase 1, then the m4 processor returns:

mail.debug	@loghost

In either case, the output has an entry in the selector field and an entry in the action field.

Phase 3

In Phase 2, for each line that was parsed in the /etc/syslog.conf file, m4 produced output in a two-column field: a selector field and an action field. This information is returned to syslogd, and syslogd uses the information to route messages to their appropriate destinations. Once configured, syslogd continues to run with this configuration.
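The three phases above, worked through in Python as an added example (not code from the training material or from Solaris): it decides LOGHOST from /etc/hosts text, expands the ifdef lines, and returns the actions a given facility.level message is routed to. The regular expression is a simplified stand-in for m4, the sample files are constructed, and two syslogd behaviours not stated on the page are assumed: a level selects messages of that severity or higher, and a later specification for a facility overrides an earlier one in the same selector.

```python
import re

# Levels from Table 3-2, most severe first.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed /etc/hosts contents modelled on Example A and Example B.
HOSTS_A = "127.0.0.1 localhost\n192.9.200.1 host1 loghost\n192.9.200.2 host2\n"
HOSTS_B = "127.0.0.1 localhost\n192.9.200.1 host1\n192.9.200.2 host2 loghost\n"

# Constructed syslog.conf fragment; selector and action are tab-separated.
SYSLOG_CONF = (
    "# constructed sample\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "mail.debug\tifdef(`LOGHOST', /var/log/authlog, @loghost)\n"
    "ifdef(`LOGHOST', ,\n"
    "user.err\t/dev/sysmsg\n"
    "user.emerg\t*\n"
    ")\n"
)

# Stand-in for m4: handles only ifdef(`LOGHOST', a, b) whose arguments
# contain no commas or parentheses.
IFDEF = re.compile(r"ifdef\(`LOGHOST',([^,]*),([^)]*)\)")


def address_of(hosts_text, name):
    """Return the address of the first hosts entry that lists name."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None


def is_loghost(hosts_text, hostname):
    """Phase 1: LOGHOST is defined when hostname and loghost share an address."""
    addr = address_of(hosts_text, hostname)
    return addr is not None and addr == address_of(hosts_text, "loghost")


def expand(conf_text, loghost):
    """Phase 2: keep the first ifdef branch if LOGHOST is defined, else the second."""
    pick = 1 if loghost else 2
    return IFDEF.sub(lambda m: m.group(pick).strip(), conf_text)


def parse(expanded):
    """Turn expanded text into (selector, action) pairs."""
    entries = []
    for line in expanded.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selector, tab, action = line.partition("\t")
        if not tab or not action.strip():
            raise ValueError("selector and action must be tab-separated: %r" % line)
        entries.append((selector.strip(), action.strip()))
    return entries


def selector_matches(selector, facility, level):
    """Assumed semantics: level-or-higher, last matching specification wins."""
    threshold = None
    for spec in selector.split(";"):
        fac, _, lvl = spec.strip().partition(".")
        if fac == "*" or facility in fac.split(","):
            threshold = None if lvl == "none" else lvl
    return threshold is not None and SEVERITY.index(level) <= SEVERITY.index(threshold)


def route(hosts_text, hostname, conf_text, facility, level):
    """Phase 3: list the actions that receive a facility.level message."""
    entries = parse(expand(conf_text, is_loghost(hosts_text, hostname)))
    return [action for selector, action in entries
            if selector_matches(selector, facility, level)]


if __name__ == "__main__":
    for label, hosts in (("Example A", HOSTS_A), ("Example B", HOSTS_B)):
        print(label, "mail.debug ->", route(hosts, "host1", SYSLOG_CONF, "mail", "debug"))
```

Run against the constructed files, a mail.debug message on host1 goes to /var/log/authlog with the Example A hosts file and to @loghost with Example B.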


Modifying inetd to Use syslog

The inetd daemon is the server process for many network services. The inetd process listens for service requests on the TCP (or UDP) ports associated with each of the services listed in its configuration file. When a request arrives, inetd executes the server program associated with the service. You can modify inetd to log TCP connections using syslogd.

inetd Manual Page Excerpt

The following online manual page excerpt for inetd shows that only the daemon facility and the notice message level are supported:

% man inetd
Maintenance Commands                                inetd(1M)

NAME
     inetd - Internet services daemon
.....
.....
     -t   Instructs inetd to trace the incoming connections for all of its TCP services. It does this by logging the client's IP address and TCP port number, along with the name of the service, using the syslog(3) facility. UDP services can not be traced. When tracing is enabled, inetd uses the syslog facility code "daemon" and "notice" priority level.

Note - The Internet daemon, inetd, provides services for many network protocols including the telnet protocol and File Transfer Protocol (FTP).


The inetd Startup File

Using the -t option as an argument to the inetd command enables TCP tracing. You must enable the trace option for the inetd daemon for syslog messaging. You add the -t option to the entry that starts inetd in the inetsvc script in the /etc/init.d directory. The modified entry looks similar to the following:

# grep inetd /etc/init.d/inetsvc
/usr/sbin/inetd -s -t &
#

Note - You must restart the inetd process for the new option to take effect.

The /etc/syslog.conf file configures syslogd to selectively distribute the messages sent to it; in the previous example, from inetd.

# grep daemon.notice /etc/syslog.conf
*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages

The daemon.notice entry in the /etc/syslog.conf file causes all daemon messages of level notice to be sent to the /var/adm/messages file.

Note - The /var/adm/messages file must exist and you must stop and start the syslog daemon.


Example of syslog Logged Entry

You can monitor the syslog file, /var/adm/messages, in real time using the command tail -f. This holds the file open so you can view messages being routed into this file by syslog.

# tail -f /var/adm/messages
Jun 14 13:15:39 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2361] from 192.9.200.1 45800

Figure 3-3 Example of syslog Logged Entry. The fields of the entry are: date/time (Jun 14 13:15:39), local host name (host1), process name/PID# (inetd[2359]), Msg ID#/selector facility.level ([ID 317013 daemon.notice]), incoming request/PPID# (telnet[2361]), IP address (192.9.200.1), and port number (45800).

The preceding output logs a telnet request to system host1 from IP address 192.9.200.1 on port 45800. To exit, press Control-C.

Note - You can use scripts to automatically parse the log files and send notification to support personnel should any unusual activity exist.
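One way to script the log review mentioned in the note above, as an added Python example (not part of the training material): it parses inetd -t trace entries in the Figure 3-3 format and reports connections from outside a trusted network and repeated connections from one source to one service. The sample log lines, the trusted network 192.9.200.0/24, and the burst threshold of three are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Layout of an inetd -t trace entry as shown in Figure 3-3.
TRACE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) inetd\[(?P<pid>\d+)\]: "
    r"\[ID \d+ (?P<facility>\w+)\.(?P<level>\w+)\] "
    r"(?P<service>[\w.-]+)\[(?P<child>\d+)\] from (?P<src>\S+) (?P<port>\d+)$"
)

# Constructed sample of /var/adm/messages; only the first line is from the page.
SAMPLE_LOG = """\
Jun 14 13:15:39 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2361] from 192.9.200.1 45800
Jun 14 13:16:02 host1 inetd[2359]: [ID 317013 daemon.notice] ftp[2370] from 192.9.200.2 32811
Jun 14 13:16:40 host1 sendmail[411]: [ID 702911 mail.info] constructed unrelated line
Jun 14 13:17:05 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2388] from 10.8.4.77 40112
Jun 14 13:17:06 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2390] from 10.8.4.77 40113
Jun 14 13:17:07 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2391] from 10.8.4.77 40115
"""


def parse_trace(line):
    """Return the fields of one inetd trace entry, or None for any other line."""
    m = TRACE.match(line.strip())
    if not m or (m["facility"], m["level"]) != ("daemon", "notice"):
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
    except ValueError:
        return None  # malformed address: do not trust the rest of the line
    rec["port"] = int(rec["port"])
    return rec


def review(log_text, trusted_net, burst=3):
    """List findings: sources outside trusted_net, and (source, service)
    pairs seen at least `burst` times in the log."""
    net = ipaddress.ip_network(trusted_net)
    per_pair = Counter()
    findings = []
    for line in log_text.splitlines():
        rec = parse_trace(line)
        if rec is None:
            continue
        key = (str(rec["src"]), rec["service"])
        per_pair[key] += 1
        if rec["src"] not in net:
            findings.append(("outside-trusted-net", key[0], key[1], rec["when"]))
    for (src, service), count in sorted(per_pair.items()):
        if count >= burst:
            findings.append(("burst", src, service, count))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, "192.9.200.0/24"):
        print(finding)
```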


The logger Utility

With the logger command, you can add one-line entries to a system log file. Typically, you can use the logger command as part of a script.

Command Format

logger [ -i ] [ -f file ] [ -p priority ] [ -t tag ] [ message ]

Command Options

• -f file
  Uses the contents of file as the message to log (file must exist).

• -i
  Logs the process ID of the logger process with each line.

• -p priority
  Enters the message with the specified priority.

• -t tag
  Marks each line added to the log with the specified tag.

• message
  Concatenates the string arguments in the message together, in the order specified, separated by single-space characters.


Examples

The following example logs the System rebooted message to the default priority level notice and the facility user for syslogd:

# logger System rebooted

The System rebooted message should be logged to the file designated for the user.notice selector field. However, if you investigate further, you will find that the user.notice selector field is not configured (by default) in the /etc/syslog.conf file. You can either add the user.notice selector field to the /etc/syslog.conf file, or you can prioritize the output as follows:

# logger -p user.err System rebooted

Changing the priority of the message to user.err will route the message to the /var/adm/messages file as indicated in the /etc/syslog.conf file.


CHAPTER - 18 SOLARIS PSEUDO FILE SYSTEMS AND SWAP SPACE

Objectives

Upon completion of this module, you should be able to:

• List the Solaris pseudo file system types

• Describe the relationship between system processes and the /proc directory

• Describe how the tmpfs file system improves performance

• Use the dumpadm program to display system dump configuration

• Use the coreadm command to display core file configuration

• Create and add a swap file or partition to the swap space


Solaris Pseudo File Systems

Pseudo file systems are sometimes called RAM-based file systems. Their most distinguishing feature is that they do not reside on hard physical media. They reside only in physical memory while the operating system is running. You use pseudo file systems to increase performance. They enhance performance because they provide access to data in physical memory, instead of disk-based structures. They enable the use of typical file system operation semantics (for example, the use of the standard system calls) for access to the underlying data structures. The pseudo file systems supported in the Solaris Operating Environment include:

• procfs - The Process file system contains a list of active processes, named according to process number, in the /proc directory. Information in this directory is used by commands, such as the ps command. See the proc(4) man page.

• tmpfs - The Temporary file system for file storage in memory without the overhead of writing to a disk-based file system. It is created and destroyed every time the system is rebooted.

• fdfs - The File Descriptor file system provides explicit names for opening files using file descriptors (for example, /dev/fd/0, /dev/fd/1, /dev/fd/2) in the /dev/fd directory.

• swapfs - The Swap file system is used by the kernel to manage swap space on disk(s).


The /proc File System

The /proc directory is a mount point for a pseudo file system that provides access to the state of each process and light-weight process (LWP) in the system. You can write applications to access this state information using the standard system calls. The process information stored in the /proc file system changes as the process moves through its life cycle. Beginning with the Solaris 2.6 Operating Environment release, the previously flat /proc file system was restructured into a directory hierarchy that contains additional subdirectories for state information and control functions. The following are the characteristics of the new directory structure of /proc:

• The name of each entry in the /proc directory is a decimal number corresponding to a process ID.

• Each process ID named directory in /proc has files that contain more detailed information about that process.

• The owner of each file in the /proc directory and below is determined by the user ID of the process.

The /proc directory is mounted at system boot time by scripts called from /sbin/rcS. The following example from the /etc/vfstab file shows the mounting of the proc file system on the /proc mount point.

#device     device     mount     FS     fsck    mount      mount
#to mount   to fsck    point     type   pass    at boot    options
/proc       -          /proc     proc   -       no         -

The tmpfs File System

The tmpfs file system uses the virtual memory (VM) subsystem. Once this file system is mounted, it supports standard file operations and semantics. Files and directories in this file system are temporary and are released when the tmpfs is unmounted or the system reboots. This file system supports better performance by maintaining files and directories in RAM. This performance enhancement is most noticeable when a large number of short-lived files are written and accessed on this file system. The following example from the /etc/vfstab file shows the mounting of tmpfs on the virtual memory subsystem at boot time:

#device     device     mount     FS      fsck    mount      mount
#to mount   to fsck    point     type    pass    at boot    options
swap        -          /tmp      tmpfs   -       yes        -

As a result of using tmpfs, all data written to /tmp is written to RAM if space is available. If RAM space is not available, then any data written to /tmp is written to swap space instead.


The fdfs File System

The fdfs file system is a pseudo file system that maintains a repository of file descriptors for open files. Running programs access files by using these file descriptors.

The following example from the /etc/vfstab file shows the mounting of the fdfs file system on the /dev/fd mount point at system boot time:

#device     device     mount     FS     fsck    mount      mount
#to mount   to fsck    point     type   pass    at boot    options
fd          -          /dev/fd   fd     -       no         -

Table 5-1 describes each file descriptor.

Table 5-1 File Descriptor Usage

File Descriptor    Description
/dev/fd/0          Standard input (stdin)
/dev/fd/1          Standard output (stdout)
/dev/fd/2          Standard error (stderr)
/dev/fd/3          Name of file (file)


The swapfs File System

The Solaris Operating Environment software can use disk partitions for temporary memory storage, in addition to using partitions to store file systems. Partitions used to store memory images are called swap partitions. Swap partitions are used as virtual memory storage areas when the system does not have enough physical memory to handle the needs of the currently running processes. Additionally, swap files can be used to augment swap space.

Figure 5-1 Swap Space Definition

Virtual and Physical Addresses

The Solaris virtual memory system maps the files on disk to virtual addresses in memory. As the instructions or static data in those files are needed, the virtual memory system maps the virtual addresses in memory to real physical addresses in memory. The data or instructions in those files are then paged from the disk into physical memory for use by the CPU. These types of physical pages of memory are always backed by known files on the disk.


Anonymous Memory Pages

In addition to containing program instructions or static data, physical memory pages can contain private data or stack information generated by running processes. The information in these pages of physical memory is not backed by a file in the file system. Therefore, these pages can be backed only by swap space on disk in the event that they must be temporarily paged out of memory. Because these private data or stack pages in physical memory are not backed by an actual file on the disk, but solely by swap space, they are referred to as anonymous memory pages.


Reserving Swap Space

When a process is run by the kernel, swap space for any private data or stack space used by the process must be reserved. This reservation occurs just in case the private data or stack information would have to be paged out of physical memory, due to multiple processes contending for limited memory space. Without the use of virtual swap, large amounts of physical swap space would have to be configured on systems to accommodate these reservations. Even systems capable of avoiding paging by having large amounts of physical memory available would still need large swap areas configured for these reservations just in case. However, with the virtual swap space provided in the Solaris Operating Environment by the swapfs file system, the need for configuring large amounts of physical swap space can be reduced on systems with large amounts of available memory. This reduced need for physical swap space can occur because swapfs provides virtual swap space addresses rather than real physical swap space addresses in response to the requests to reserve swap space. With swapfs providing virtual swap space, real physical swap space is required only with the onset of paging, due to processes contending for memory. In this situation, swapfs must convert the virtual swap space addresses to physical swap space addresses for paging to actual swap space to occur.

Criteria for Swap Space

With the addition of swapfs, the size of swap space is based entirely on two criteria:

• To save any possible panic dumps resulting from a fatal system failure, there must be sufficient swap space to hold the necessary memory pages in RAM at the time of the failure.

• The amount of RAM + swap memory must be at least equal to the requirements of both the Solaris Operating Environment and any concurrently running processes.


Swap Space

If you use tmpfs, you should be aware of some constraints involved in mounting a tmpfs file system. The resources used by tmpfs are the same as those used when commands are executed. This means that large sized tmpfs files can affect the amount of space left over for programs to execute. Likewise, programs requiring large amounts of memory use up the space available to tmpfs. Users running into this constraint (for example, running out of space on tmpfs) can allocate more swap space by using the swap command. You can add or delete swap space using the swap command. When swap files or swap partitions are mounted for access by the kernel memory manager, the file type used is swap (observe the contents of the /etc/vfstab file).

Using the swap Command

As the system administrator, you can add swap files or partitions.

Command Format

swap [ options ] [ argument ]

Options

• -l Lists swap space

• -a Adds to swap

• -d Deletes from swap

• -s Summarizes swap space


Adding a Swap File

Figure 5-1 illustrates the allocation of swap space.

[Figure 5-2 Swap Space Allocation: diagram of the swap -s fields allocated, reserved, used, and available]

To add a swap file, complete the following steps:

1. List a summary of the system's virtual swap space.

# swap -s
total: 25728k bytes allocated + 6140k reserved = 31868k used, 56496k available

2. List the details of the system's physical swap space.

# swap -l
swapfile              dev     swaplo   blocks   free
/dev/dsk/c0t3d0s1     32,28   8        98752    90384

3. Using the df command, display the amount of disk space occupied by currently mounted file systems, the amount of used and available space, and how much of the file system's total capacity has been used. From this output, determine which partition has enough space for a swap file of at least 20 Mbytes.

# df -k
Filesystem           kbytes   used     avail    capacity   Mounted on
/dev/dsk/c0t3d0s0    245455   87061    58149    36%        /
/dev/dsk/c0t3d0s6    480815   375163   105172   79%        /usr
/proc                0        0        0        0%         /proc
fd                   0        0        0        0%         /dev/fd
/dev/md/dsk/d0       231815   82       231502   1%         /export/data
/dev/md/dsk/d1       67159    9        67083    1%         /export/swap
swap                 103844   204      103640   1%         /tmp

The /export/data file system appears to have more than enough space to create an additional swap file. Create a 20-Mbyte swap file named swapfile in the /export/data directory.

# mkfile 20m /export/data/swapfile

4. Add a swap file to the system's swap space.

# swap -a /export/data/swapfile

5. List the details of the modified system swap space.

# swap -l
swapfile                 dev     swaplo   blocks   free
/dev/dsk/c0t3d0s1        32,28   8        98792    90384
/export/data/swapfile    -       8        20472    20472

6. List a summary of the modified system swap space.

# swap -s
total: 25728k bytes allocated + 6140k reserved = 31868k used, 66708k available

Removing a Swap File

To remove a swap file, complete the following steps:

1. To delete a swap file while online, issue the following command. (Deleting the swap file stops swapping and empties the specified disk space.)

# swap -d /export/data/swapfile

3. Remove the swap file to free disk space.

# rm /export/data/swapfile


Adding a Swap Slice

To add a swap slice, complete the following steps:

1. Add information about the swap partition you created to the file system table (the /etc/vfstab file).

# vi /etc/vfstab
#device              device     mount    FS     fsck    mount      mount
#to mount            to fsck    point    type   pass    at boot    opt
/dev/dsk/c0t2d0s1    -          -        swap   -       no         -

2. Reboot the system or use the swap -a command to add the additional swap area.

Adding a Permanent Swap File Using the /etc/vfstab File

To add a permanent swap file, complete the following steps:

1. Edit the /etc/vfstab file and add the entry for the file.

# vi /etc/vfstab
#device                  device     mount    FS     fsck    mount      mount
#to mount                to fsck    point    type   pass    at boot    opt
/export/data/swapfile    -          -        swap   -       no         -

2. Reboot the system or use the swap -a command to add additional swap space.
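A missing "-" placeholder in a swap entry shifts every later field by one column, which is easy to overlook when editing /etc/vfstab by hand. The following check is an added example, not part of the training material: the function name and the rules (seven fields per line; "-" for device to fsck, mount point and fsck pass and "no" for mount at boot on entries of FS type swap) are assumptions taken from the entries shown in this chapter, and the faulty lines are constructed.

```shell
#!/bin/sh
# Added example: check vfstab lines before rebooting or running swap -a.
# Reads the named files or standard input, prints one line per problem
# and returns 1 if any problem was found.
check_vfstab_swap() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        NF != 7 {
            printf "line %d: expected 7 fields, found %d\n", NR, NF
            bad++
            next
        }
        $4 == "swap" {
            if (substr($1, 1, 1) != "/") {
                printf "line %d: swap slice or file must be an absolute path: %s\n", NR, $1
                bad++
            }
            if ($2 != "-" || $3 != "-" || $5 != "-") {
                printf "line %d: swap entry needs - for device to fsck, mount point and fsck pass\n", NR
                bad++
            }
            if ($6 != "no") {
                printf "line %d: swap entry should have mount at boot set to no\n", NR
                bad++
            }
        }
        END { exit (bad > 0) }' "$@"
}

# The entries shown in this chapter.
sample_vfstab() {
    cat <<'EOF'
#device            device   mount    FS     fsck  mount    mount
#to mount          to fsck  point    type   pass  at boot  options
/proc              -        /proc    proc   -     no       -
fd                 -        /dev/fd  fd     -     no       -
swap               -        /tmp     tmpfs  -     yes      -
/dev/dsk/c0t2d0s1  -        -        swap   -     no       -
/export/data/swapfile -     -        swap   -     no       -
EOF
}

# Constructed faulty input: line 1 lost its mount point placeholder,
# line 2 gives the swap file a mount point.
sample_broken_vfstab() {
    cat <<'EOF'
/export/data/swapfile - swap - no -
/export/data/swapfile - /swap swap - no -
EOF
}

sample_vfstab | check_vfstab_swap && echo "chapter entries: ok"
sample_broken_vfstab | check_vfstab_swap || true
```

On a live system, run the function against a copy of /etc/vfstab before the reboot in step 2.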


The dumpadm Command

The dumpadm program is an administrative command that manages the configuration of the operating system crash dump facility.

Note - A panic dump contains a copy of the "interesting portions" of physical memory at the time of a fatal system error.

If a fatal operating system error occurs, a message describing the error is printed to the console. The operating system then generates a crash dump by writing the contents of physical memory to a predetermined dump device, which is typically a local disk partition. The dump device can be configured by using dumpadm. Once the crash dump has been written to the dump device, the system reboots. Fatal operating system errors can be caused by bugs in the operating system, its associated device drivers and loadable modules, or by faulty hardware. Whatever the cause, the crash dump itself provides invaluable information to your support engineer to aid in diagnosing the problem. Following an operating system crash, the savecore(1M) utility is executed automatically during boot to retrieve the crash dump from the dump device. It then writes the crash dump to a pair of files in your file system named unix.X and vmcore.X, where X is an integer identifying the dump.

The kernel core information placed in the file /var/crash/`uname -n`/vmcore.X is accessed from the device /dev/mem. The name list information placed in the file /var/crash/`uname -n`/unix.X is accessed from the device /dev/ksyms.

Together, these data files form the saved crash dump. The crash dump is saved to a directory when you reboot, and you can use the dumpadm command to configure that directory. By default, the dump device is configured to be an appropriate swap partition. Swap partitions are disk partitions reserved as virtual memory backing store for the operating system, and thus no permanent information resides there to be overwritten by the dump.


To view the current dump configuration, execute dumpadm with no arguments. For example:

# dumpadm
      Dump content: kernel pages
       Dump device: /dev/dsk/c0t0d0s1 (swap)
Savecore directory: /var/crash/host1
  Savecore enabled: yes

When no options are specified, dumpadm prints the current crash dump configuration. The previous example shows the set of default values: the dump content is set to kernel memory pages only, the dump device is a swap disk partition, the directory for savecore files is set to /var/crash/hostname, and savecore is set to run automatically on reboot. The default values are set in the /etc/dumpadm.conf file. For example:

# cat /etc/dumpadm.conf
# dumpadm.conf
#
# Configuration parameters for system crash dump.
# Do NOT edit this file by hand -- use dumpadm(1M) instead.
#
DUMPADM_DEVICE=/dev/dsk/c0t0d0s1
DUMPADM_SAVDIR=/var/crash/host1
DUMPADM_CONTENT=kernel
DUMPADM_ENABLE=yes

Note - All modifications to the dumpadm configuration should be done at the command line using the dumpadm utility, rather than by editing the /etc/dumpadm.conf file. Editing the file by hand could result in an inconsistent system dump configuration.


Command Format

/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m min k | min m | min%] [-s savecore-dir] [-r root-dir]

• -c content-type - Specifies the contents of the crash dump.
   ○ kernel - Indicates kernel memory pages only.
   ○ all - Indicates all memory pages.

• -d dump-device - Modifies the dump configuration to use the specified dump device.
   ○ dump-device - Specifies a specific dump device as an absolute path name, such as /dev/dsk/c#t#d#s#.
   ○ swap - Specifies the special token swap. If the token swap is specified as the dump device, dumpadm examines the active swap entries and selects the most appropriate entry to configure as the dump device. See swap(1M).

• -m min k | min m | min% - Creates a minfree file in the current savecore directory indicating that savecore should maintain at least the specified amount of free space in the file system where the savecore directory is located.
   ○ k - Indicates a positive integer suffixed with the unit k specifying kilobytes.
   ○ m - Indicates a positive integer suffixed with the unit m specifying megabytes.
   ○ % - Indicates a percent (%) symbol, indicating the minfree value should be computed as the specified percentage of the total current size of the file system containing the savecore directory.

• -n - Modifies the dump configuration so it does not run savecore automatically on reboot.

• -r root-dir - Specifies an alternative root directory relative to which dumpadm should create files. If no -r argument is specified, the default root directory "/" is used.

• -s savecore-dir - Modifies the dump configuration to use the specified directory to save files written by savecore. The default savecore directory is /var/crash/hostname where hostname is the output of the -n option to the uname(1) command.

• -y - Indicates that savecore is automatically run on reboot. This is the default for this dump setting.


The coreadm Command

Use the coreadm command to specify the name or location of core files produced by abnormally-terminating processes.

The coreadm command provides flexible core file naming conventions and better core file retention. For example, you can use the coreadm command to configure a system so that process core files are placed in a single system directory. This means it is easier to track problems by examining the core files in a specific directory whenever a Solaris process or daemon terminates abnormally.

Two new configurable core file paths, per-process and global, can be enabled or disabled independent of each other. When a process terminates abnormally, it produces a core file in the current directory, as in previous Solaris Operating Environment releases. But if a global core file path is enabled and set to /corefiles/core, for example, then each process that terminates abnormally produces two core files: one in the current working directory and one in the /corefiles directory.

Note - If the core file path does not exist, you must create it.

Command Format

The following command can be run by regular users and is used to specify the file name pattern to be used by the operating system when generating a per-process core file.

coreadm [-p pattern] [pid]...

The following command is run by root only and is used to configure system-wide core file options.

coreadm [-g pattern] [-i pattern] [-e option ...] [-d option]


Default coreadm Command Without Options

Using the coreadm command with no options displays the typical default settings from the /etc/coreadm.conf file.

# coreadm
     global core file pattern:
       init core file pattern: core
            global core dumps: disabled
       per-process core dumps: enabled
      global setid core dumps: disabled
 per-process setid core dumps: disabled
     global core dump logging: disabled

The first line of output identifies the name to use for core files placed in a global directory. When generated, a global core file is created with mode 600 and is owned by the superuser. Non-privileged users cannot examine such files. The second line of output identifies the name to be used if the init process generates a core file.

The third line indicates that global core files are disabled. The fourth line indicates that core files in the current directory are enabled. Ordinary per-process core files are created with mode 600 under the credentials of the process. The owner of the process can examine such files. In the fifth and sixth lines, if setid core files are enabled, they are created with mode 600 and are owned by the superuser.

The seventh line identifies whether the global core dump logging is enabled.

Caution - A process that has a setuid mode presents security issues with respect to dumping core files, as it might contain sensitive information in its address space to which the current non-privileged owner of the process should not have access. Normally setuid core files are not generated because of this security issue.


Note - Complete all modifications to the coreadm configuration at the command line using the coreadm utility instead of editing the /etc/coreadm.conf file. If you manually edit the coreadm configuration file, you must reboot the system or run coreadm -u.

Viewing the /etc/coreadm.conf file verifies the same configuration parameters that were described on page 5-18:

# cat /etc/coreadm.conf
# coreadm.conf
#
# Parameters for system core file configuration.
# Do NOT edit this file by hand -- use coreadm(1M) instead.

COREADM_GLOB_PATTERN=
COREADM_INIT_PATTERN=core
COREADM_GLOB_ENABLED=no
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=no
COREADM_GLOB_LOG_ENABLED=no
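The settings in this file decide whether setid processes may dump core and whether global core dumps are logged, so they are worth reviewing on every host. The following review script is an added example, not part of the training material or of Solaris: the function names and the choice of findings are assumptions, the first sample is the default file shown above, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: review coreadm.conf-style settings. Reads KEY=value
# lines from the named files or from standard input, prints one finding
# per line and returns 1 when there is at least one finding.
audit_coreadm_conf() {
    awk '
        /^[ \t]*#/ { next }                  # comment line
        index($0, "=") == 0 { next }         # blank line or no KEY=value
        {
            eq = index($0, "=")
            conf[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            n = 0
            # setid core files can hold data the invoking user must not see
            if (conf["COREADM_GLOB_SETID_ENABLED"] == "yes")
                msg[++n] = "global setid core dumps are enabled"
            if (conf["COREADM_PROC_SETID_ENABLED"] == "yes")
                msg[++n] = "per-process setid core dumps are enabled"
            if (conf["COREADM_GLOB_ENABLED"] == "yes") {
                if (conf["COREADM_GLOB_PATTERN"] == "")
                    msg[++n] = "global core dumps are enabled but no global pattern is set"
                if (conf["COREADM_GLOB_LOG_ENABLED"] != "yes")
                    msg[++n] = "global core dump logging is disabled"
            }
            for (i = 1; i <= n; i++) print msg[i]
            exit (n > 0)
        }' "$@"
}

# The default configuration shown above.
sample_default_conf() {
    cat <<'EOF'
COREADM_GLOB_PATTERN=
COREADM_INIT_PATTERN=core
COREADM_GLOB_ENABLED=no
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=no
COREADM_GLOB_LOG_ENABLED=no
EOF
}

# Constructed configuration: global dumps on without logging, and
# per-process setid dumps enabled.
sample_constructed_conf() {
    cat <<'EOF'
COREADM_GLOB_PATTERN=/var/core/core.%f.%p
COREADM_INIT_PATTERN=core
COREADM_GLOB_ENABLED=yes
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=yes
COREADM_GLOB_LOG_ENABLED=no
EOF
}

sample_default_conf | audit_coreadm_conf && echo "default configuration: no findings"
sample_constructed_conf | audit_coreadm_conf || true
```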

Patterns

A core file name pattern is a normal file system path name with embedded variables, specified with a leading percent (%) character. These variables are expanded from values in effect when a core file is generated by the operating system. The possible variables are:

• %p - Process ID

• %u - Effective user ID

• %g - Effective group ID

• %f - Executable file name

• %n - System node name (uname -n)

• %m - Machine hardware name (uname -m)

• %t - Decimal value of time(2)

• %% - Literal %


Examples

The following examples show various ways to use the coreadm command.

Example 1 - Setting the Core File Name Pattern as a Regular User

When executed from a user's $HOME/.profile or $HOME/.login, the following command sets the core file name pattern for all processes run during the login session:

$ coreadm -p core.%f.%p $$

Note - $$ is the process ID of the currently running shell. The per-process core file name pattern is inherited by all child processes.

Example 2 - Dumping a User's Files into a Subdirectory

The following command dumps all of the user's core dumps into the corefiles subdirectory of the home directory, discriminated by the system node name. This is useful for users who use many different machines but have a shared home directory.

$ coreadm -p $HOME/corefiles/%n.%f.%p $$

Example 3 - Enabling and Setting the Core File Global Name Pattern

The following is an example of setting system-wide parameters that add the executable file name and PID to the name of any potential core file that might be created:

# coreadm -g /var/core/core.%f.%p -e global

For example, the core file name pattern /var/core/core.%f.%p causes the foo program with process ID 1234 to generate the core file /var/core/core.foo.1234.


To verify that this parameter is now part of the coreadm configuration, run the coreadm command again:

# coreadm
     global core file pattern: /var/core/core.%f.%p
       init core file pattern: core
            global core dumps: enabled
       per-process core dumps: enabled
      global setid core dumps: disabled
 per-process setid core dumps: disabled
     global core dump logging: disabled

Example 4 - Checking the Core File Configuration for Specific Process IDs

The coreadm command with only a list of process IDs reports each process's per-process core file name pattern, for example:

$ coreadm 278 5678
278: core.%f.%p
5678: /home/george/cores/%f.%p.%t

Only the owner of a process or the superuser can interrogate a process in this manner. When a core dump occurs, the operating system generates two possible core files, the global core file and the per-process core file. Depending on the system options in effect, one file, both files, or no files can be generated. When generated, a global core file is created with mode 600 and is owned by the superuser. Non-privileged users cannot examine such files. Ordinary per-process core files are created with mode 600 under the credentials of the process. The owner of the process can examine such files.
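To find where core files from a given process will land, for example when collecting or cleaning them up, the pattern variables listed under Patterns can be expanded by hand. The following functions are an added example, not part of the training material or of coreadm itself: the function names and argument order are assumptions, the process values are constructed, an unknown variable is treated as an error by this example's own choice, and setid handling is not modelled.

```shell
#!/bin/sh
# Added example: expand a core file name pattern.
# Usage: expand_core_pattern PATTERN PID EUID EGID EXEC NODE MACHINE TIME
expand_core_pattern() {
    _rest=$1
    _out=
    while [ -n "$_rest" ]; do
        case $_rest in
            %p*) _out=$_out$2 ;;
            %u*) _out=$_out$3 ;;
            %g*) _out=$_out$4 ;;
            %f*) _out=$_out$5 ;;
            %n*) _out=$_out$6 ;;
            %m*) _out=$_out$7 ;;
            %t*) _out=$_out$8 ;;
            %%*) _out="${_out}%" ;;
            %*)  # a lone % or a variable that is not in the list
                 echo "unsupported variable in pattern: $1" >&2
                 return 1 ;;
            *)   # ordinary character: copy it and advance by one
                 _tail=${_rest#?}
                 _out=$_out${_rest%"$_tail"}
                 _rest=$_tail
                 continue ;;
        esac
        _rest=${_rest#??}        # drop the two-character variable
    done
    printf '%s\n' "$_out"
}

# Report which core files a crash would produce: none, one, or both.
# Usage: predict_core_files GLOBAL_ENABLED GLOBAL_PATTERN PROC_ENABLED \
#            PROC_PATTERN CWD PID EUID EGID EXEC NODE MACHINE TIME
predict_core_files() {
    _g_on=$1 _g_pat=$2 _p_on=$3 _p_pat=$4 _cwd=$5
    shift 5
    if [ "$_g_on" = yes ] && [ -n "$_g_pat" ]; then
        _path=$(expand_core_pattern "$_g_pat" "$@") || return 1
        echo "global $_path"
    fi
    if [ "$_p_on" = yes ]; then
        _path=$(expand_core_pattern "$_p_pat" "$@") || return 1
        # a relative per-process pattern lands in the current directory
        case $_path in
            /*) ;;
            *)  _path=$_cwd/$_path ;;
        esac
        echo "process $_path"
    fi
}

# Constructed process: foo, PID 1234, running in /export/home/george.
predict_core_files yes '/var/core/core.%f.%p' yes 'core.%f.%p' \
    /export/home/george 1234 100 10 foo host1 sun4u 1000000000
```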


Options Supported by coreadm

The following are some useful options to the coreadm command.

• -i pattern

Sets the per-process core file name pattern for init to pattern. This is the same as coreadm -p pattern 1 except that the setting is persistent across reboot. Only a superuser can use this option.

• -e option

Enables the specified core file option. Specifies the option as one of the following:
   ○ global - Allows core dumps using the global core pattern.
   ○ process - Allows core dumps using the per-process core pattern.
   ○ global-setid - Allows setid core dumps using the global core pattern.
   ○ proc-setid - Allows setid core dumps using the per-process core pattern.
   ○ log - Generates a syslog(3) message when a user attempts to generate a global core file.

Only superuser can use this option.

• -d option

Disables the specified core file option. See the -e option for descriptions of possible options. Multiple -e and -d options can be specified on the command line. Only root can use this option.

• -u

Updates system-wide core file options from the contents of the configuration file /etc/coreadm.conf. If the configuration file is missing or contains invalid values, default values are substituted. Following the update, the configuration file is resynchronized with the system core file configuration. Only superuser can use this option.


CHAPTER - 19 NETWORK FILE SYSTEM (NFS)

Objectives

Upon completion of this module, you should be able to:

• Describe the functions of an NFS server and an NFS client

• Make resources available and unavailable for mounting

• Edit the /etc/dfs/dfstab file on an NFS server to enable automatic sharing of resources

• Display a server's available resources for mounting

• Mount a resource from another system

• Edit the /etc/vfstab file to mount resources on an NFS client

• Describe the function of these commands: mountall, umountall, shareall, and unshareall

• Describe and configure NFS logging


The NFS Distributed File System

The Solaris Operating Environment supports the sharing of remote file system resources and presents them to users as if they were local files and directories. The sharing of remote file system resources is administered through distributed file systems (DFS) file system types. This file system type provides the architectural support required for mounting resources over the network. The NFS environment contains the following components:

• NFS server - A system that contains the file resources to be shared with other systems on the network.

• NFS client - A system that mounts the file resources shared over the network and presents the file resources as if they were local.

Figure 6-1 illustrates an NFS environment.

Figure 6-1 NFS Distributed File System


The Benefits of a Network File System

The benefits of an NFS include:

• Centralized file access - Files are located in centralized locations. You can make a copy of a file accessible to many users or systems simultaneously. This is an especially useful feature with home directories or common data files.

• Common software access - Systems can share one or more software packages that are located in a central location. This reduces the disk space requirements for individual systems.

• Easy to use - Remote file sharing is transparent to the user and to any applications, because these resources appear as if they were resident on the local system.

The NFS environment provides file sharing in a heterogeneous environment, potentially containing many different operating systems, including UNIX®, MS-DOS, and Virtual Memory System (VMS).

Note - NFS uses remote procedure calls (RPCs) and external data representation (XDR). XDR library routines allow programmers to describe arbitrary data structures in a machine-independent fashion.


NFS Distributed File System Components

The DFS administration files, commands, and daemons necessary for sharing and mounting NFS file resources are illustrated in Figure 6-2, for both an NFS server and an NFS client.

NFS server
Daemons: mountd, nfsd, statd, lockd, and nfslogd
Files: /etc/dfs/dfstab, /etc/dfs/sharetab, /etc/dfs/fstypes, /etc/rmtab, /etc/nfs/nfslog.conf, /etc/default/nfslogd, /etc/nfs/nfslogtab
Commands: share, unshare, shareall, unshareall, dfshares, dfmounts

NFS client
Daemons: statd and lockd
Files: /etc/vfstab, /etc/mnttab, /etc/dfs/fstypes
Commands: mount, umount, mountall, umountall, dfshares, dfmounts

Figure 6-2 NFS Files, Commands, and Daemons


The NFS Daemons

NFS operation requires daemons running on the NFS server and NFS client.

The Mount Daemon

When an NFS client issues an NFS mount request, the mount process contacts the NFS server's mount daemon, /usr/lib/nfs/mountd, to get a file handle (pointer) for the file resource to be mounted.

The NFS client mount process then writes the file handle (along with other information about the mounted resource) to the /etc/mnttab file.

NFS Server Daemons

When a process on a client attempts to access a remote file resource, the NFS server daemon, /usr/lib/nfs/nfsd, on the server gets the request (along with the resource's file handle) and performs the file operation. It then returns any data to the requesting process on the client.

The server daemons are started from the /etc/init.d/nfs.server script. The nfs.server script also defines the maximum number of nfsd threads that can be started.

If a system has entries in its /etc/dfs/dfstab file, these server daemons are started when the system enters run level 3.


NFS Daemons on the Client and Server

Two other NFS daemons, /usr/lib/nfs/statd and /usr/lib/nfs/lockd, run on both the NFS servers and clients. These daemons are started automatically when a system enters run level 2.

The two daemons work together to provide locking services in NFS. If the server crashes, clients can quickly re-establish the connections to files they were using. The server has a record of the clients that were using NFS. It contacts each client to obtain the information about which files were in use to allow continued operation. Both daemons are started from the /etc/init.d/nfs.client script, and typically do not require administrative intervention.

NFS File Handles

File handles are client references that identify a unique file or directory on the server. File handles encode the file's inode number, inode generation number, and disk device number.

Once a client successfully completes an NFS mount request, an entry is made in the /etc/rmtab file by the mountd daemon on the server. The /etc/rmtab file contains a table of file systems that are remotely mounted by NFS clients. It also contains a line entry for each remotely mounted file system. For example:

hostname:fsname

These line entries are removed from this file by the mountd command when it is first started.

Stale entries can accumulate in this file for clients that have crashed and could not send an unmount request. Removing these entries allows the client to remount the resource.


The NFS Server

The following commands and files are used in conjunction with the NFS server.

The share Command

When the mountd daemon is running, use the /usr/sbin/share command to make file resources available for mounting by remote systems.

Command Format

share [ -F FSType ] [ -o options ] [ -d description ] pathname

Options

The following options can be used with the share command:

• -F nfs Specifies the file system type. This option is not typically required as nfs is the default remote file system type.

Note - If you do not use the -F FSType option, the system takes the file system type from the first line of the /etc/dfs/fstypes file.

• -o options Controls a client's access to an NFS-shared resource.

• -d description Describes the file resource being shared. This information is displayed by the share command when used with no argument.

• pathname Specifies the resource to be shared.


File Resource Sharing

To share a file resource from the command line, execute the following:

# share -F nfs -o ro /usr/share/man

The share command writes information for all shared file resources to the /etc/dfs/sharetab file. The file contains a table of the local resources shared. If no argument is specified, the share command displays a list of all file resources currently shared.

# share
/usr/share/man
/export/install

The /etc/dfs/dfstab File

The /etc/dfs/dfstab file gives the system administrator a method for the automatic sharing of local file systems. Each line of the dfstab file consists of a share command.

# cat /etc/dfs/dfstab
#       Place share(1M) commands here for automatic execution
#       on entering init state 3.
#
#       Issue the command '/etc/init.d/nfs.server start' to run the NFS
#       daemon processes and the share commands, after adding the very
#       first entry to this file.
#
#       share [-F fstype] [-o options] [-d "<text>"] <pathname> [resource]
#       e.g.
#       share -F nfs -o rw=engineering -d "home dirs" /export/home2

The contents of the /etc/dfs/dfstab file are executed when:

• The system enters run level 3.

• The superuser runs the shareall command. The NFS daemons must be running.

• The superuser runs the /etc/init.d/nfs.server script (which contains a shareall command) with the start argument. This script starts the NFS server daemons.

Note - If the nfs.server script does not find NFS entries in the /etc/dfs/dfstab file, it exits without running the NFS daemons.

NFS Access Management

By default, NFS-mounted resources are available with read and write privileges based on standard Solaris file permissions. Access decisions are based on a comparison of the UID of the client and the owner. The following share command options restrict the read and write capabilities for NFS clients and enable superuser access to a mounted resource.

• ro
  Informs clients that the server accepts only read requests.

• rw
  Allows the server to accept read and write requests from the client.

• root=client
  Informs clients that the root user on the specified client system or systems can perform superuser privileged requests on the shared resource.

• ro=access-list
  Allows read requests from the specified access list.

• rw=access-list
  Allows read and write requests from the specified access list.

  - access-list=client1:client2
    Allows access based on a colon-separated list of one or more clients.

  - access-list=@network
    Allows access based on a network number (for example, @192.168.100) or network name (for example, @mynet.com). The network name must be defined in /etc/networks.

  - access-list=.domain
    Allows access based on a DNS domain; the dot (.) identifies it as a DNS domain.

  - access-list=netgroup_name
    Allows access based on a configured net group (NIS or NIS+ only).

• anon=n
  Sets n to be the effective user ID of unknown users. By default, unknown users are given the effective user ID UID_NOBODY. If n is set to -1, access is denied.

You can combine these options by separating each with commas, forming intricate access restrictions.

Examples

# share -F nfs -o ro directory

This command line restricts access to NFS-mounted resources to read-only access.

# share -F nfs -o ro,rw=client1 directory

This command line restricts access to NFS-mounted resources to read-only access; however, the NFS server accepts both read and write requests from the client named client1.

# share -F nfs -o root=client2 directory

This command line allows the root user on the client named client2 to have superuser access to the NFS-mounted resources.

# share -F nfs -o anon=0 directory

By setting the option anon=0, the EUID for access to shared resources is set to the UID of the user who is accessing the shared resource.
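The following audit of share options is an added example, not part of the original course material. It parses dfstab-style share lines and reports three conditions that follow from the option definitions above: a resource writable by any client (bare rw, or no ro/rw option at all), a root= grant, and anon=0, which by the definition of anon=n gives unknown users effective UID 0. The dfstab content and the finding names are constructed for the illustration.

```python
import shlex

# Constructed sample of /etc/dfs/dfstab content (not taken from a real server).
SAMPLE_DFSTAB = '''\
# share(1M) commands executed on entering run level 3
share -F nfs -o ro /usr/share/man
share -F nfs -o ro,rw=client1 -d "home dirs" /export/home2
share -F nfs -o rw,root=client2 /export/install
share -F nfs -o rw=@192.168.100,anon=0 /export/scratch
share -F nfs /export/tmp
share -F nfs -o ro=.mynet.com,anon=-1 /export/docs
'''


def parse_share(line):
    """Return (pathname, options) for one share command, or None for other lines."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] not in ("share", "/usr/sbin/share"):
        return None
    options, operands, i = {}, [], 1
    while i < len(tokens):
        if tokens[i] in ("-F", "-o", "-d") and i + 1 < len(tokens):
            if tokens[i] == "-o":
                for item in tokens[i + 1].split(","):
                    name, sep, value = item.strip().partition("=")
                    options[name] = value if sep else None
            i += 2          # skip the flag and its argument
        else:
            operands.append(tokens[i])
            i += 1
    return (operands[0], options) if operands else None


def audit_share(options):
    """Return the finding codes (hypothetical names) for one share's -o options."""
    findings = []
    bare_rw = "rw" in options and options["rw"] is None
    no_mode = "rw" not in options and "ro" not in options
    if bare_rw or no_mode:
        # Read-write is the default, so either form lets every client write.
        findings.append("rw-any-client")
    if options.get("root"):
        findings.append("root=" + options["root"])
    if options.get("anon") == "0":
        findings.append("anon=0")
    return findings


def audit_dfstab(text):
    """Return {pathname: [findings]} for every share line in the text."""
    report = {}
    for line in text.splitlines():
        parsed = parse_share(line)
        if parsed:
            pathname, options = parsed
            report[pathname] = audit_share(options)
    return report


if __name__ == "__main__":
    for pathname, findings in audit_dfstab(SAMPLE_DFSTAB).items():
        print(pathname, ", ".join(findings) or "ok")
```
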


The unshare Command

The /usr/sbin/unshare command makes file resources unavailable for mounting by remote systems. It reads the /etc/dfs/sharetab file.

Command Format

unshare [ -F nfs ] pathname

Options

The following options can be used with the unshare command:

• -F nfs
  Specifies nfs as the file system type. This option is not typically required because nfs is the default remote file system type.

• pathname
  Specifies the path name of the file resource to be unshared.

The following example makes the resource unavailable for mounting:

# unshare /usr/share/man


The shareall and unshareall Commands

Use the /usr/sbin/shareall and /usr/sbin/unshareall commands to share and unshare all NFS resources.

The shareall Command

Without any arguments, the shareall command shares all file resources listed in the /etc/dfs/dfstab file.

shareall [ -F nfs ]

The unshareall Command

Without any arguments, the unshareall command unshares currently shared file resources. It does this by reading the /etc/dfs/sharetab file.

unshareall [ -F nfs ]


Configuring the NFS File Server

To set up an NFS server, complete the following steps:

1. Edit the /etc/dfs/dfstab file and add those file resources to be automatically shared whenever the system enters run level 3. For example:

   share -F nfs /usr/share/man

2. Start the NFS server daemons by invoking the following:

   # /etc/init.d/nfs.server start

   This shares the contents of the /etc/dfs/dfstab file.

Note - You can use the dfshares command to verify that the resources are available.


NFS Informational Commands

Use the following commands to get information about NFS resources.

The dfshares Command

The dfshares command displays the NFS resources currently being shared.

Command Format

dfshares [ -F nfs ] [ host ]

Without arguments, the dfshares command displays shared resources for the local server.

# dfshares
RESOURCE                SERVER   ACCESS   TRANSPORT
host1:/usr/share/man    host1    -        -

It is also used to display shared resources by a specified server name.

# dfshares host2
RESOURCE                SERVER   ACCESS   TRANSPORT
host2:/export           host2    -        -

The dfmounts Command

This command displays mounted resource information.

Command Format

dfmounts [ -F nfs ]

Without arguments, the dfmounts command displays the shared resource and clients mounting the resource for the local server.

# dfmounts
RESOURCE   SERVER   PATHNAME          CLIENTS
-          host1    /usr/share/man    host5,host9

This command is also used to display mounted resource information for a specified server name.

# dfmounts host2
RESOURCE   SERVER   PATHNAME   CLIENTS
-          host2    /export    host5,host9


The NFS Client

The following commands and files are used with the NFS client.

The mount Command

The /usr/sbin/mount command is used to attach either a local or remote file resource to the file system hierarchy.

Command Format

mount [ -F nfs ] [ -o options ] server:pathname mount_point

Options

The following options can be used with the mount command:

• -F nfs
  Specifies nfs as the file system type. This option is not required because nfs is the default remote file system type.

• -o options
  Specifies a comma-separated list of file-system specific options, such as rw to mount the file resource read-write, and ro to mount the file resource read-only. (The default is rw.)

• server:pathname
  Specifies the name of the server and the path name of the remote file resource; these are separated by a colon (:).

• mount_point
  Specifies the path name of the mount point on the local system (which must already exist).


Accessing a Remote File Resource

Use the mount command to access a remote file resource. For example:

# mount host1:/usr/share/man /usr/share/man

To mount a remote read-only file resource from the first-available host in a comma-separated list of hosts, execute the following:

# mount -o ro host1,host2,host3:/usr/share/man /usr/share/man

For file systems shared as read-only, if multiple hosts are named and the first server in the list is down, the failover utility uses an alternative server in the list to access files.

The /etc/vfstab File

To have remote file resources mounted at boot time, enter the appropriate entries in the client's /etc/vfstab file. For example:

#device                device    mount            FS     fsck   mount     mount
#to mount              to fsck   point            type   pass   at boot   options
#
host1:/usr/share/man   -         /usr/share/man   nfs    -      yes       soft,bg

The fields in the /etc/vfstab file include:

• device to mount
  The name of the server and the path name of the remote file resource; these are separated by a colon (:).

• device to fsck
  NFS resources are not checked from the client, because the file system is not owned by the client. This field is always dash (-) for NFS resources.

• mount point
  The default mount point for the file resource.

• FS type
  Use nfs for NFS resources.

• fsck pass
  NFS resources are not checked from the client, because the file system is not owned by the client. This field is always dash (-) for NFS resources.

• mount at boot
  Either yes or no, which indicates whether the file resource should be mounted when the system enters run level 2 or when the mountall command is issued.

• mount options
  A comma-separated list of mount options.



• rw | ro
  Specifies whether the resource is mounted as read-write or read-only. The default is read-write.

• bg | fg
  If the first mount attempt fails, retry in the background or foreground. The default is to retry in the foreground.

• soft | hard
  During an NFS mount request, the soft option returns an error if the server does not respond, and the boot then continues. The hard option continues to retry the mount until the server responds or the retry/timeout values are exceeded. The default is a hard mount.

  Note - Although soft and bg are not the default settings, combining these two options usually results in the fastest client boot up when NFS mounting problems arise.

• intr | nointr
  Enables or disables keyboard interrupts to kill a process that is hung waiting for a response on a hard-mounted file system. The default is intr.

• suid | nosuid
  Indicates whether to enable setuid execution. The default enables setuid execution.

• timeo=n
  Sets timeout to n tenths of a second. The default timeout is 11, measured in tenths of a second (0.1 second), for User Datagram Protocol (UDP) transports and 600 tenths of a second for TCP.

• retry=n
  Sets the number of times to retry the mount operation. The default is 10,000 times.

• retrans=n
  Sets the number of NFS retransmissions to n. The default is 5 for UDP. For connection-oriented transports (such as TCP), this option has no effect.

Note - If the file resource is listed in the /etc/vfstab file, the superuser can specify either server:pathname or mount_point on the command line because the mount command checks the /etc/vfstab file for more information.


Recommended Mounting Options

Mounting a file system with the bg option indicates that if the server's mountd does not respond, the system's attempt to remount the file system occurs in the background. This prevents the remount from interrupting other system services. When the file system is mounted, an NFS request waits the amount of time indicated by the timeo field (tenths of a second) for a response. If no response is received, the value in the timeo field is doubled and the request is retried. When the number of retransmissions reaches the value in the retrans field, a file system mounted with the soft option returns an error. A file system mounted with the hard option prints a warning message and continues to retry.

Table 6-1 lists the recommended mounting options for some commonly shared file resources.

Table 6-1 Mount Options

NFS File Resource   Read-write/Read-only   System Startup   Server Crash   Interrupt   Security
/usr                ro                     fg               hard           nointr      suid
/export/home        rw                     bg               hard           intr        nosuid
/opt/home           ro                     bg               soft           -           nosuid

A Read-Only Directory

The /usr file system contains operating system binaries. This essential file system is mounted in the foreground; the booting process does not continue until the mount is completed. The NFS client hard mounts this directory. This means the client continues to retry the mount request until the server responds.


A Read-Write Directory

The /export/home directory is where the users' login directories are commonly placed. A hard mount is recommended for all read-write (rw) file systems (for example, users' home directories). The nosuid option provides additional network security because the setuid permissions on NFS resources are ignored.

A Read-Only Application Directory

Nonessential applications are commonly mounted as read only (ro) in the background (bg) with a soft mount. The system continues to boot if the server does not respond during boot. If the server crashes, the mount times out.
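The recommendations in Table 6-1 can be checked mechanically against a client's /etc/vfstab. The following is an added example, not part of the original course material: it applies the defaults stated earlier (rw, fg, hard, intr, suid) to each NFS entry and reports read-write soft mounts, mounts that still honor setuid, and foreground mounts at boot for anything other than /usr. The vfstab content and the finding names are constructed for the illustration.

```python
# Constructed sample of a client /etc/vfstab (not from a real system).
SAMPLE_VFSTAB = """\
#device to mount     device to fsck      mount point   FS type  fsck pass  at boot  options
/dev/dsk/c0t0d0s0    /dev/rdsk/c0t0d0s0  /             ufs      1          no       -
host1:/usr           -                   /usr          nfs      -          yes      ro
host2:/export/home   -                   /export/home  nfs      -          yes      rw,bg,hard,intr,nosuid
host3:/export/data   -                   /data         nfs      -          yes      soft
host3:/export/apps   -                   /opt/apps     nfs      -          yes      ro,bg,soft,nosuid
host4:/export/tools  -                   /tools        nfs      -          no       rw,nosuid
"""

# Defaults as stated on this page: rw, fg, hard, intr, suid.
DEFAULTS = {"access": "rw", "startup": "fg", "crash": "hard",
            "interrupt": "intr", "setuid": "suid"}
# Which setting each either/or option belongs to.
CHOICES = {"rw": "access", "ro": "access", "bg": "startup", "fg": "startup",
           "soft": "crash", "hard": "crash", "intr": "interrupt",
           "nointr": "interrupt", "suid": "setuid", "nosuid": "setuid"}


def effective_options(option_field):
    """Apply the mount options field on top of the defaults."""
    effective = dict(DEFAULTS)
    if option_field != "-":
        for option in option_field.split(","):
            if option in CHOICES:
                effective[CHOICES[option]] = option
    return effective


def audit_vfstab(text, essential=("/usr",)):
    """Return {mount_point: [findings]} for every NFS entry in the text."""
    report = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 7 or fields[3] != "nfs":
            continue
        mount_point, at_boot = fields[2], fields[5]
        eff = effective_options(fields[6])
        findings = []
        # A hard mount is recommended for all read-write file systems.
        if eff["access"] == "rw" and eff["crash"] == "soft":
            findings.append("rw-soft")
        # Only essential file systems such as /usr are expected to keep suid.
        if eff["setuid"] == "suid" and mount_point not in essential:
            findings.append("suid-allowed")
        # A foreground mount at boot holds up booting until it completes.
        if at_boot == "yes" and eff["startup"] == "fg" and mount_point not in essential:
            findings.append("fg-at-boot")
        report[mount_point] = findings
    return report


if __name__ == "__main__":
    for mount_point, findings in audit_vfstab(SAMPLE_VFSTAB).items():
        print(mount_point, ", ".join(findings) or "ok")
```
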

The umount Command

Use the /usr/sbin/umount command to detach either a local or remote file resource from the file system hierarchy.

Command Format

umount server:pathname | mount_point

The command line can specify either server:pathname or mount_point.

# umount /usr/share/man


The mountall and umountall Commands

Use the /usr/sbin/mountall and /usr/sbin/umountall commands to mount and unmount all file resources.

The mountall Command

Without any arguments, the /usr/sbin/mountall command mounts all file resources listed in the /etc/vfstab file with a mount-at-boot value of yes. To limit the action of this command to remote file resources, use the -r option.

Command Format

mountall -r [ -F nfs ]

The -F nfs option restricts the action of this command to NFS resources only.

# mountall -r


The umountall Command

Without any arguments, the /usr/sbin/umountall command unmounts all currently mounted file resources. To limit the action of this command to remote file resources, use the -r option.

Note - root (/), /usr, /var, and all pseudo file systems are not unmounted.

Command Format

umountall -r [ -F nfs ]

# umountall -r

Option

The following option can be used with the umountall command:

• -F nfs
  Specifies nfs as the file system type. This option is not required, because nfs is the default remote file system type.


The NFS Client Setup

To set up an NFS client, complete the following steps:

1. Use the /usr/sbin/dfshares command to display a server's available resources.

   # dfshares host1
   RESOURCE                SERVER   ACCESS   TRANSPORT
   host1:/usr/share/man    host1    -        -

2. Use the /usr/sbin/mount command to access the remote file resource.

   # mount host1:/usr/share/man /usr/share/man

   The /usr/share/man directory on the client is the mount point in the local system's file hierarchy. This directory should be empty.

3. Once it has been determined that access to the manual pages located on the remote server is no longer needed, you can unmount the remote file resources from the client by using the /usr/sbin/umount command.

   # umount /usr/share/man

   Occasionally, an attempt to unmount an NFS file system results in the following error message:

   nfs mount: /usr/share/man: is busy

   This usually means that a user or program is accessing the resource.

Mounting Using the /etc/vfstab File

Edit the /etc/vfstab file to add an entry for the remote resource that is automatically mounted whenever the system enters run level 3.

host1:/usr/share/man   -   /usr/share/man   nfs   -   yes   ro,bg


NFS Server Logging

A new feature in the Solaris Operating Environment is NFS server logging. This feature records NFS reads and writes on the file system. The daemon, nfslogd, provides this operational logging. When NFS server logging is enabled, records of all NFS operations on the file system are written into a buffer file by the kernel. This data includes a timestamp, the client IP address, the UID of the requestor, the file handle of the resource that is being accessed, and the type of operation that occurred. The nfslogd daemon converts this raw data into ASCII records that are stored in ASCII log files. During the conversion, the IP addresses are modified to host names and the UIDs are modified to logins. Mapping of file handles to path names is also handled by nfslogd. It keeps track of these mappings in a file-handle-to-path mapping table.

One mapping table exists for each tag identified in the /etc/nfs/nfslog.conf file. The file handles are also converted into path names. The daemon keeps track of the file handles and stores information in a separate file-handle-to-path-name table; this way the path does not have to be re-identified each time a file handle is accessed.

Note - It is important to keep the nfslogd daemon running, because there is no tracking of changes to the mappings in the file_handle-to-path table if nfslogd is turned off.


Enabling NFS Server Logging

To enable NFS server logging, complete the following steps:

1. Become superuser.

2. Optional: Change the file system configuration settings. In /etc/nfs/nfslog.conf, either edit the default settings for all file systems by changing the data associated with the global tag or add a new tag for the specific file system. If these changes are not needed, do not edit this file.

3. Add entries for each file system to be shared using NFS server logging. Edit /etc/dfs/dfstab and add one entry to the file for the file system that is to have NFS server logging enabled.

   You must enter the tag used with the log=tag option in /etc/nfs/nfslog.conf.

   The following example uses the default settings in the global tag:

   share -F nfs -o ro,log=global /export/ftp

4. Check that the NFS service is running on the server. If the NFS daemons are not running, issue the following commands to kill and restart the NFS daemons.

   # /etc/init.d/nfs.server stop
   # /etc/init.d/nfs.server start

5. If the NFS daemons are already running, issue a command to share the file system. Once you add the entry to /etc/dfs/dfstab, the file system can be shared by either rebooting the system or by using the shareall command.

   # shareall

   If the NFS daemons were restarted earlier, you do not need to run this command because the script runs the command.

6. Verify that the information is correct. Run the share command to check that the correct options are listed:

   # share
   -   /export/share/man   ro              ""
   -   /usr/src            rw=eng          ""
   -   /export/ftp         ro,log=global   ""

7. Start the NFS log daemon, nfslogd, if it is not running already.

   # /usr/lib/nfs/nfslogd

   This step is not necessary if you restarted the NFS daemons using the nfs.server script, because this script also starts this daemon if the /etc/nfs/nfslog.conf file exists.

The /etc/nfs/nfslog.conf File

This file defines the path, file names, and type of logging to be used by nfslogd. Each definition is associated with a tag. Starting NFS server logging requires that you identify the tag for each file system. The global tag defines the default values.

The following is an example of an original nfslog.conf file:

# cat /etc/nfs/nfslog.conf
#ident  "@(#)nfslog.conf        1.5     99/02/21 SMI"
#
# NFS server log configuration file.
#
# [ defaultdir= ] \
# [ log= ] [ fhtable= ] \
# [ buffer= ] [ logformat=basic|extended ]
#
global  defaultdir=/var/nfs \
        log=nfslog fhtable=fhtable buffer=nfslog_workbuffer


Use the following parameters with each tag, as needed:

• defaultdir=path
  Specifies the default directory path for the logging files.

• log=path/filename
  Sets the path and file name for the log files.

• fhtable=path/filename
  Selects the path and file name for the file_handle-to-path database files.

• buffer=path/filename
  Determines the path and file name for the buffer files.

• logformat=basic|extended
  Selects the format to be used when creating user-readable log files. The basic format produces a log file similar to some ftpd daemons. The extended format gives a more detailed view.

For the parameters that can specify both the path and the file name, if the path is not specified, the path defined by defaultdir is used. Also, you can override defaultdir by using an absolute path. To make identifying the files easier, place the files in separate directories. For example,

# cat /etc/nfs/nfslog.conf
#ident  "@(#)nfslog.conf        1.5     99/02/21 SMI"
#
# NFS server log configuration file.
#
global  defaultdir=/var/nfs \
        log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
publicftp log=logs/nfslog fhtable=fh/fhtables buffer=buffers/workbuffer

You must create the directories for logs, fh, and buffers before starting NFS server logging.


In this example, any file system shared with log=publicftp uses the following values:

• The default directory is /var/nfs.

• The log files are stored in /var/nfs/logs/nfslog*.

• The file_handle-to-path database tables are stored in /var/nfs/fh/fhtables.

• The buffer files are stored in /var/nfs/buffers/workbuffer.
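The path resolution described above can be reproduced with a short parser. The following is an added example, not part of the original course material: it reads the nfslog.conf content shown on this page, resolves each tag's files against defaultdir, lists the directories that must exist before logging starts, and reports log=tag values in dfstab lines that have no definition in nfslog.conf. It assumes a tag inherits any parameter it omits from the global tag, which is how the publicftp example obtains /var/nfs; the dfstab lines and the engtag tag are constructed.

```python
import posixpath
import re

# The example nfslog.conf from this page, with the header comments shortened.
SAMPLE_CONF = """\
# NFS server log configuration file.
#
global defaultdir=/var/nfs \\
        log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
publicftp log=logs/nfslog fhtable=fh/fhtables buffer=buffers/workbuffer
"""

# Constructed dfstab lines; the engtag tag is deliberately left undefined.
SAMPLE_DFSTAB = """\
share -F nfs -o ro,log=global /export/ftp
share -F nfs -o ro,log=publicftp /export/pub
share -F nfs -o rw=eng,log=engtag /usr/src
"""

PATH_KEYS = ("log", "fhtable", "buffer")


def parse_nfslog_conf(text):
    """Return {tag: {parameter: value}}, joining backslash-continued lines."""
    tags, pending = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments first
        if line.endswith("\\"):
            pending += line[:-1] + " "            # definition continues
            continue
        words = (pending + line).split()
        pending = ""
        if not words:
            continue
        settings = {}
        for word in words[1:]:
            key, sep, value = word.partition("=")
            if sep:
                settings[key] = value
        tags[words[0]] = settings
    return tags


def resolve_tag(tags, tag):
    """Return the absolute log, fhtable and buffer paths for one tag."""
    merged = dict(tags.get("global", {}))         # assumed inheritance
    merged.update(tags[tag])
    missing = [k for k in ("defaultdir",) + PATH_KEYS if k not in merged]
    if missing:
        raise ValueError("tag %s lacks %s" % (tag, ", ".join(missing)))
    # posixpath.join keeps an absolute value as is, overriding defaultdir.
    return {k: posixpath.join(merged["defaultdir"], merged[k]) for k in PATH_KEYS}


def required_dirs(tags, tag):
    """Directories that must exist before logging is started for this tag."""
    return sorted({posixpath.dirname(p) for p in resolve_tag(tags, tag).values()})


def undefined_log_tags(dfstab_text, tags):
    """Tags named by log=tag in share lines but not defined in nfslog.conf."""
    used = set()
    for line in dfstab_text.splitlines():
        used.update(re.findall(r"\blog=([^,\s]+)", line.split("#", 1)[0]))
    return sorted(used - set(tags))


if __name__ == "__main__":
    conf = parse_nfslog_conf(SAMPLE_CONF)
    for name in conf:
        print(name, resolve_tag(conf, name), required_dirs(conf, name))
    print("undefined tags:", undefined_log_tags(SAMPLE_DFSTAB, conf))
```
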

The /etc/default/nfslogd File

NFS operations on an NFS server are logged based on the configuration information defined in /etc/default/nfslogd.

This file defines some of the parameters used when using NFS server logging. These parameters include:

• MAX_LOGS_PRESERVE - Determines the number of log files to be saved. The default value is 10.

• MIN_PROCESSING_SIZE - Sets the minimum number of bytes that the buffer file must reach before processing and writing to the log file. The default value is 524288 bytes. Increasing this number can improve performance by reducing the number of times the buffer file is processed. This parameter, along with IDLE_TIME, determines how often the buffer file is processed.

• IDLE_TIME - Sets the number of seconds that nfslogd should sleep (wait) before checking for more information in the buffer file. It also determines how often the configuration file is checked. The default value is 300 seconds. Increasing this number can improve performance by reducing the number of checks.

• CYCLE_FREQUENCY - Determines the number of hours that must pass before the log files are cycled. The default value is 24 hours. This option is used to prevent the log files from growing too large.

• UMASK - Specifies the permissions for the log files that are created by nfslogd. The default value is 0137.

Summary of NFS Commands, Files, and Daemons

The main commands and files used on both the server and client systems are summarized in Table 6-2.

Table 6-2 Summary of NFS Commands, Files, and Daemons

           NFS Server                NFS Client

Commands   share resource            mount server:directory mount-point
           unshare resource          umount mount-point
           shareall                  mountall -r
           unshareall                umountall -r
           dfmounts                  dfshares server
           /etc/init.d/nfs.server    /etc/init.d/nfs.client

Files      /etc/dfs/fstypes          /etc/dfs/fstypes
           /etc/dfs/dfstab           /etc/vfstab
           /etc/dfs/sharetab         /etc/mnttab
           /etc/rmtab
           /etc/nfs/nfslog.conf
           /etc/default/nfslogd
           /etc/nfs/nfslogtab

Daemons    /usr/lib/nfs/nfsd         /usr/lib/nfs/statd
           /usr/lib/nfs/mountd       /usr/lib/nfs/lockd
           /usr/lib/nfs/statd
           /usr/lib/nfs/lockd
           /usr/lib/nfs/nfslogd


CHAPTER - 20

AUTOFS

Objectives

Upon completion of this module, you should be able to:

• List the benefits of using the automount utility

• Describe the purpose of each of the types of automount maps

• Configure the auto_master map to specify which direct, indirect and special maps the automountd daemon reads

• Create the auto_direct map with the full path names and mount options for automatically mounting remote file resources

• Modify the auto_home map as an example of an indirect map providing a consistent view of home directories across the network regardless of where the user is logged in


AutoFS Overview

The AutoFS file system enables you to do the following:

• Mount file systems on demand.

• Unmount file systems automatically.

  Note - Automounted resources remain mounted for as long as they are being used. If no files or directories within the file system are accessed within a specified time-out period, a file system unmount automatically occurs.

• Centralize the administration of AutoFS mounts through the use of a name service.

• Have multiple mount resources for read-write file systems.


AutoFS Components

AutoFS contains three components that work together on the client to accomplish automatic mounting. These components include an AutoFS file system, the automount command, and the automountd daemon.

Figure 7-1 AutoFS Components

The following list describes the components:

• The autofs file system's mount points are defined in automount maps located in the /etc directory on the client system. Once the autofs mount points are set up, activity under the mount points can trigger file systems to be mounted under them. If automount is configured, the autofs file system monitors mount requests made on the client. If a mount request is made for an autofs resource not currently mounted, autofs calls the automountd daemon, which actually mounts the requested resource.

• The automount command - The automount command, called at system startup time, reads the master map file /etc/auto_master to create the initial set of autofs mounts. These autofs mounts are not automatically mounted at startup time. They are points under which file systems are mounted on demand.

• The automountd daemon - The automountd daemon is started at boot time from the /etc/init.d/autofs script and mounts file systems on demand.

Note - The automountd daemon is completely independent from the automount command. Because of this separation, you can add, delete, or change map information without having to stop and start the automountd daemon process. However, the process might have to reread the maps.


Automount Maps

The autofs files, called maps, identify the file system resources to be automatically mounted. These map types include:

• Master map - Read by the automount command during boot up. This map lists the other maps used for establishing the autofs file system.

• Direct map - Lists the mount points as absolute path names. This map explicitly indicates the mount point on the client.

• Indirect map - Lists the mount points as relative path names. This map uses a relative path to establish the mount point on the client.

• Special - Provides access to entries in /etc/hosts or the Federated Naming Service (FNS).

Automount maps are ASCII data files or NIS or NIS+ database files. Together, these maps describe information similar to the information specified in the /etc/vfstab file for remote file resources.


Master Maps

The auto_master file associates a mount point with a map. It is a master list specifying all of the maps that autofs should check. Names of direct and indirect maps listed here refer to files in /etc. The following example shows what an auto_master file can contain:

# cat /etc/auto_master
# Master map for automount
#
+auto_master
/net     -hosts        -nosuid,nobrowse
/-       auto_direct
/home    auto_home     -nobrowse
/xfn     -xfn

The following describes the fields in this example of a master map file:

• mount_point
  The full path name of a directory. If the directory does not exist, autofs creates one if possible.

• map-name
  The name of a direct or indirect map. These maps are directions to mounting information.

• mount-options
  The general options for the map. The mount options are the same as those for standard NFS mounts.

Note - The plus (+) symbol at the beginning of the +auto_master line in this file directs the automounter program to look at the NIS or NIS+ databases. If this line is commented out, only the local files are used.


Special Maps

There are two mount points for special maps listed in this /etc/auto_master file. They identify the following:

• The -hosts map
  This special map provides access to all resources shared by each NFS server listed in the hosts database. You can obtain this information from /etc/inet/hosts, NIS, NIS+, or DNS. This is a default entry. Shared resources associated with this map are mounted below /net/hostname.

• The -xfn map
  This special map provides access to resources available through the X/Open Federated Naming Service. Resources associated with this service mount below /xfn.

Direct Map Entries

The /- entry in the example master map defines a mount point for direct maps. This mount point is a pointer that informs the automount program that the full path names are defined in the file specified by map name (/etc/auto_direct in this example).

Note - This is not an entry in the default master map. It has been added here as an example. The other entries in this example already exist in the auto_master file.

Note - A NIS or NIS+ auto_master map can have only one direct map entry. An auto_master map that is a local file can have any number of entries.

Indirect Map Entries

The /net, /home, and /xfn entries define mount points for indirect maps. The maps -hosts, auto_home, and -xfn list relative path names only. Indirect maps get the initial path of the mount point from the master map.


The Solaris 2.6 Operating Environment through Solaris Operating Environment releases support browsing of indirect maps (and special maps) with the -browse option. This allows all of the potential mount points to be visible, regardless of whether they are mounted. The nobrowse option disables the browsing of indirect maps. Therefore, in this example, the /home automount point provides no browser functions for any directory other than those that are currently mounted. The default for this option is -browse.


Direct Maps

Direct maps specify the absolute path name of the mount point, the specific options for this mount, and the shared resource to mount. For example:

# cat /etc/auto_direct
# Superuser-created direct map for automount
#
/apps/frame      -ro,soft   server1:/export/framemaker,v4.0
/opt/local       -ro,soft   server2:/export/unbundled
/usr/share/man   -ro,soft   server3,server4,server5:/usr/share/man

The following describes the syntax for direct maps:

key   [ mount-options ]   location

• key - The full path name of the mount point for direct maps.

• mount-options - The specific options for a given entry.

• location - The location of the file resource specified in server:pathname notation.

The following direct map entry specifies that the client mounts the /usr/share/man directory as read only from the servers server3, server4, or server5, as available:

/usr/share/man   -ro   server3,server4,server5:/usr/share/man

This entry uses a special notation, a comma-separated list of servers, to specify a powerful automounter feature—multiple locations for a file resource.

Note - The comma-separated list of servers automount feature works only with servers that are sharing files as read-only.

The automountd daemon automatically mounts /usr/share/man as needed, from server3, server4, or server5, with server proximity determining which server is selected. If the nearest server fails to respond within the prescribed time-out period, the server with the next nearest proximity is selected.


Indirect Maps

Indirect maps have relative paths in the key field. The first part of the path name is specified in the master map. Indirect maps are useful when you want to mount many remote file resources below a common directory.

The auto_home Indirect Map

The auto_home indirect map provides a consistent view of home directories across the network, regardless of which system a user is currently logged in to. For example:

# cat /etc/auto_home
# Home directory map for automounter
+auto_home
stevenu   host5:/export/home/stevenu
johnnyd   host6:/export/home/johnnyd
wkd       server1:/export/home/wkd

Note - The plus (+) symbol at the beginning of the +auto_home line in the file directs the automounter to look at the NIS or NIS+ databases. If this line is commented out, only the local files are used.

The following describes the syntax for indirect maps:

key   [ mount-options ]   location

• key - The path name of the mount point relative to the beginning of the path name specified in the /etc/auto_master file.

• mount-options - The specific options for a given entry.

• location - The location of the file resource specified in server:pathname notation.


The Substitution String for an Indirect Map

The following entry reduces the auto_home file to a single line. The use of substitution characters specifies that for every login ID, the client remotely mounts the /export/home/loginID directory from the NFS server server1 onto the local mount point /home/loginID.

*   server1:/export/home/&

This entry uses the wildcard character (*) to match any key; the substitution character (&) at the end of the location specification is replaced with the matched key field. This works only when all home directories are on a single server (in this example, server1).
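The entry syntax described above (optional mount-options field, the * wildcard, & substitution, and the read-only requirement for comma-separated server lists) can be modelled in a few lines of shell. This is an added example, not part of the original training material and not automountd's own code; the sample map, the temporary file and the function names split_entry, resolve_key and check_replicas are constructed for illustration.

```shell
#!/bin/sh
# Added example: a simplified model of how one map entry is chosen for a key.
# SAMPLE_MAP holds constructed data; the function names are hypothetical.

SAMPLE_MAP=$(mktemp)
trap 'rm -f "$SAMPLE_MAP"' EXIT
cat > "$SAMPLE_MAP" <<'EOF'
# Constructed sample map for the example
+auto_home
stevenu          host5:/export/home/stevenu
docs     -ro     server3,server4,server5:/export/docs
scratch  -rw     server3,server4:/export/scratch
*                server1:/export/home/&
EOF

# split_entry FIELD2 FIELD3: sets OPTS and LOC. The mount-options field is
# optional and is recognised by its leading '-'.
split_entry() {
    case $1 in
        -*) OPTS=${1#-}; LOC=$2 ;;
        *)  OPTS='';     LOC=$1 ;;
    esac
}

# resolve_key MAPFILE KEY: prints "options|location" for the first entry whose
# key equals KEY or is the wildcard '*'. Status 1: no entry; 2: KEY rejected.
resolve_key() {
    rk_want=$2
    case $rk_want in
        ''|.|..|*[!A-Za-z0-9._-]*) return 2 ;;   # plain names only, no '/' or '&'
    esac
    while read -r rk_key rk_f2 rk_f3; do
        case $rk_key in
            ''|'#'*|'+'*) continue ;;   # blank, comment, or +map (NIS) include
        esac
        if [ "$rk_key" = "$rk_want" ] || [ "$rk_key" = '*' ]; then
            split_entry "$rk_f2" "$rk_f3"
            # every '&' in the location is replaced with the key looked up
            LOC=$(printf '%s\n' "$LOC" | sed "s/&/$rk_want/g")
            printf '%s|%s\n' "$OPTS" "$LOC"
            return 0
        fi
    done < "$1"
    return 1
}

# check_replicas MAPFILE: prints the key of each entry that names several
# servers (comma-separated before the ':') without the ro option, since the
# replicated-location feature works only for read-only shares.
check_replicas() {
    cr_bad=0
    while read -r cr_key cr_f2 cr_f3; do
        case $cr_key in
            ''|'#'*|'+'*) continue ;;
        esac
        split_entry "$cr_f2" "$cr_f3"
        case ${LOC%%:*} in
            *,*) case ",$OPTS," in
                     *,ro,*) ;;
                     *) printf '%s\n' "$cr_key"; cr_bad=1 ;;
                 esac ;;
        esac
    done < "$1"
    return "$cr_bad"
}

for key in stevenu wkd docs; do
    printf '%-8s -> %s\n' "$key" "$(resolve_key "$SAMPLE_MAP" "$key")"
done
check_replicas "$SAMPLE_MAP" || echo "entries above list several servers but are not read-only"
```

Because the first matching entry wins in this model, the wildcard line is placed last; entries listed after it would never be reached.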


The automount Command

When making changes to the master map or creating a direct map, make the change effective by running the automount command.

Command Format

automount [-t duration] [-v]

The following describes the automount command options.

• -t duration - Specifies a time, in seconds, that the file system remains mounted when not in use. The default is 600 seconds (10 minutes).

• -v - Displays output as the automount command executes.

You do not have to stop and restart the automountd daemon after making changes to existing entries in either a direct or indirect map because it is stateless. You can modify existing entries in both direct and indirect maps at any time. The new information is used when the automountd daemon next uses the map entry to perform a mount.

You can modify the master map entries or add entries for new maps. However, you must run the automount command to make these changes take effect.

A modification is a change to options or resources. A change to the key (the mount point) or a completely new line is considered to be an added or deleted entry or both.


Use Table 7-1 to determine whether you should run (or re-run) the automount command.

Table 7-1   Using Automount Maps

Automount Map   Run if Entry is Added or Deleted   Run if Entry is Modified
auto_master     Yes                                Yes
direct map      Yes                                No
indirect map    No                                 No

Note - There is no harm in running the automount command to rescan the maps, even if it is not required.
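The rules of Table 7-1 can be applied as a check that compares two versions of a map and reports whether the automount command must be run. This is an added example, not part of the original training material; the sample map contents and the function names map_entries, map_keys and needs_automount are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from two versions of a map whether the automount
# command has to be run, following the rules in the table above.
# The map files are constructed sample data; function names are hypothetical.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/direct.old" <<'EOF'
# Superuser-created direct map for automount
/usr/share/man  -ro       server3,server4,server5:/usr/share/man
/opt/local      -ro,soft  server2:/export/unbundled
EOF
# Only the options and the resource of an existing key change: a modification.
cat > "$WORK/direct.modified" <<'EOF'
# Superuser-created direct map for automount
/usr/share/man  -ro,soft  server4,server5:/usr/share/man
/opt/local      -ro,soft  server2:/export/unbundled
EOF
# A key (mount point) is replaced: one entry deleted and one added.
cat > "$WORK/direct.rekeyed" <<'EOF'
# Superuser-created direct map for automount
/usr/share/man  -ro       server3,server4,server5:/usr/share/man
/opt/tools      -ro,soft  server2:/export/unbundled
EOF

# map_entries FILE: entries with comments and blank lines dropped and the
# whitespace between the three fields normalised.
map_entries() {
    while read -r me_key me_f2 me_f3; do
        case $me_key in
            ''|'#'*) continue ;;
        esac
        printf '%s %s %s\n' "$me_key" "$me_f2" "$me_f3"
    done < "$1"
}

# map_keys FILE: sorted list of the keys (first field) only.
map_keys() {
    map_entries "$1" | while read -r mk_key mk_rest; do
        printf '%s\n' "$mk_key"
    done | sort
}

# needs_automount TYPE OLD NEW: status 0 if automount must be run, 1 if the
# automountd daemon picks the change up on its next use of the entry,
# 2 for an unknown TYPE. TYPE is master, direct or indirect.
needs_automount() {
    case $1 in
        master)    # added, deleted or modified entries all require a run
            [ "$(map_entries "$2")" != "$(map_entries "$3")" ] ;;
        direct)    # only a change in the set of keys requires a run
            [ "$(map_keys "$2")" != "$(map_keys "$3")" ] ;;
        indirect)  # never required
            return 1 ;;
        *)
            echo "unknown map type: $1" >&2
            return 2 ;;
    esac
}

for new in modified rekeyed; do
    if needs_automount direct "$WORK/direct.old" "$WORK/direct.$new"; then
        echo "direct map, $new: run automount"
    else
        echo "direct map, $new: no action needed"
    fi
done
```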


The Client autofs File System

The autofs file system is a kernel file system that supports automatic mounting and unmounting. When you make a request to access a file system at an autofs mount point, the following occurs:

1. The autofs file system intercepts the request.

2. The autofs file system sends a message to the automountd daemon for the requested file system to be mounted.

3. The automountd daemon locates the file system information in a map and performs the mount.

4. The autofs file system allows the intercepted request to proceed.

5. The automountd daemon will unmount the file system after a period of inactivity.

Note - Mounts managed through the autofs service should not be manually mounted or unmounted. Even if the operation is successful, the autofs file system does not check that the object has been unmounted, resulting in possible inconsistency. A reboot clears all of the autofs mount points.

Multi-threaded autofs

The new autofs automount daemon is now fully multi-threaded. This enables concurrent servicing of multiple mount requests and increases reliability.


Automount Administration

The following procedure describes how to set up remote access to a resource in the Solaris Operating Environment that is located on an NFS server, using the automountd daemon.

Setting up a Direct Map

This example demonstrates how to set up remote access to the man pages located on an NFS server.

1. Edit the /etc/auto_master file to add a direct map entry.

# Master map for automounter
#
+auto_master
/net    -hosts        -nosuid,nobrowse
/home   auto_home     -nobrowse
/-      auto_direct
/xfn    -xfn

2. Create a new file called /etc/auto_direct and add the following entry for the directory you want to automount. Replace server with the host name of your server.

/usr/share/man   -ro   server:/usr/share/man

3. Make the changes effective.

# automount -v
automount: /usr/share/man mounted
automount: no unmounts


Setting up an Indirect Map

Complete the following steps to set up an indirect map:

1. Edit the /etc/auto_master file. Add the patch directory and map.

# Master map for automounter
#
+auto_master
/net        -hosts        -nosuid,nobrowse
/home       auto_home     -nobrowse
/services   auto_patch
/xfn        -xfn

2. Create an /etc/auto_patch map. Enter the patch directory name on the client and the server pathname. The following example illustrates the indirect map content.

# Patch directory map for automounter
#
patch   server1:/export/patch

3. Make the changes effective.

# automount -v


CHAPTER - 21

CACHE FS

Objectives

Upon completion of this module, you should be able to:

• Describe the CacheFS file system

• Use the appropriate commands to configure the CacheFS file system

• Use the appropriate commands to check the status and consistency of the CacheFS file system

• Set up CacheFS file system logging

• Describe the steps necessary to perform a check of the CacheFS file system

• List the steps to dismantle and delete a CacheFS file system


CacheFS File System

You can use the CacheFS file system to improve the performance of remote file systems (such as NFS), or slow devices, such as CD-ROM drives.

Figure 8-1   CacheFS Diagram

When you enable the CacheFS file system, the data read from the remote file system or CD-ROM is stored in a disk-based cache on the local system. Subsequent read requests to the same data are fulfilled by the local cache, which improves read performance.

Note - This has no effect on the NFS server; it affects only the client.


3. Mount the remote file system and implement a CacheFS file system.

# mount -F cachefs -o backfstype=nfs,cachedir=/cache/cache0,\
cacheid=data_cache host1:/export/data /data

• The remote resource is mounted as a CacheFS file system.

• The source file system type (backfstype) is nfs.

• You must specify the cachedir.

• The cacheid is optional, but it can provide a convenient user-defined label to identify this CacheFS mount for subsequent administration commands.

• The remote resource is host1:/export/data and local users access it through the /data mount point.

4. Use the mount command to verify the mount.

# mount
/ on /dev/dsk/c0t0d0s0 read/write/setuid/largefiles on Thu May 11 15:55:34 2000
/proc on /proc read/write/setuid on Thu May 11 15:55:34 2000
/dev/fd on fd read/write/setuid on Thu May 11 15:55:34 2000
/tmp on swap read/write on Thu May 11 15:55:35 2000
/data on /cache/cache0/.cfs_mnt_points/host1:_export_data backfstype=nfs/cachedir=/cache/cache0/cacheid=data_cache on Thu May 11 06:38:43 2000

You could automate this mount by adding a line similar to the following to the /etc/vfstab file:

host1:/export/data - /data cachefs - yes backfstype=nfs,cachedir=/cache/cache0,cacheid=data_cache

The cache is now used when local users access the resource through the local /data mount point.


Cache FS Cache Directory Details

Figure 8-3 illustrates areas of the underlying cache directory hierarchy:

Figure 8-3   CacheFS Cache Directory Structure (diagram: under /cache/cache0, data_cache is a link to 0000000000049071, which holds the cached data, and .cfs_mnt_points contains host1:_export_data)

The following describes the cache directory hierarchy:

• For each CacheFS file system being cached in the cache directory, an entry is made in the .cfs_mnt_points directory.

• If you specify a cache ID string when the CacheFS file system is mounted, this string becomes a symbolic link to the cache data for that file system.

• Local users access the cached data through the local /data mount point.


Using Cache FS Terminology

The following terms are used when discussing the CacheFS file system:

• Back file system - The original disk-based, network-based, or CD-ROM-based file system that is mounted as a CacheFS file system and cached.

• Front file system - The mounted file system that is cached and accessed by the user through the local mount point.

• Consistency - Refers to the state of synchronization between the back and front file systems.

Using CacheFS File System Commands

You have the following commands available for administering a CacheFS file system:

• cfsadmin - This command administers the disk space for the cached file system. This includes creating, deleting, and listing the contents of the cache.

• cachefsstat - This command provides statistics on cache usage.

• cachefslog - This command establishes a logging procedure for the cache.

• cachefswssize - This command helps determine the working set sizes for CacheFS file systems so that the cache area can be properly sized. This functions only if CacheFS logging is enabled.


Creating a CacheFS File System

Setting up a CacheFS file system is basically a three-step procedure, illustrated in Figure 8-2.

Figure 8-2   Setting up a CacheFS File System (diagram: create cache with cfsadmin, create mount point with mkdir, mount CacheFS with mount -F cachefs)

This example procedure assumes that a file system (/export/data) on a remote system (host1) is available to the local system. The local system mounts the resource and caches it.

Note - All commands are executed on the local system.

To set up a CacheFS file system, perform the following steps:

1. Create a cache using the following command:

# cfsadmin -c /cache/cache0

2. If one does not already exist, create a local mount point in preparation for mounting the remote file system.

# mkdir /data


Cache FS Statistics and Consistency Checking

To view CacheFS file system statistics, you can use the cachefsstat command. To check consistency, use the cfsadmin command.

The cachefsstat Command

You use the cachefsstat command to display cache statistics. It displays information that describes the effectiveness of your cache.

The following output shows statistics for a newly created cache:

# cachefsstat /data
/data
cache hit rate:       100% (8 hits, 0 misses)
consistency checks:   24 (24 pass, 0 fail)
modifies:             0
garbage collection:   0

By default, automatic cache consistency is enabled. The files in the cache are checked against the originals in the back file system (on the server) and updates are performed on the client's front file system. The pass value (24 in this example) indicates the number of consistency checks performed. The fail value (0 here) indicates the number of updates that have been performed.

The value in the hit rate indicates the efficiency of the cache. The hits indicate the instances when the cached file was used and access to the original file avoided. The miss value indicates when there was not a cached copy of the file and the back file system copy was accessed.

To collect status over a specific period of time, you can first zero the cachefs counters. To zero all cachefs counters, use the following command:

# cachefsstat -z


The demandconst Option

You can disable the automatic consistency checks by using the demandconst option for the mount command (see the mount_cachefs(1M) man page for more information). This should be done only when the back file system is static or the back and front file systems do not need to be synchronized. For example, if the back file system is a read-only file system on a CD-ROM, there is no need to enable consistency checking.

The cfsadmin Command

If automatic consistency checking is disabled by using the demandconst option, the following cfsadmin command manually invokes a consistency check and performs any necessary updates:

# cfsadmin -s /data


Enhancing CacheFS File System Caching

You can have additional control of the caching mechanism for CacheFS file systems by doing the following:

• Set the number of data blocks used by the cache as a percentage of the front file system. Refer to the cfsadmin(1M) man page for details.

Note - These percentages can be enforced only if the CacheFS file subsystem is given exclusive access to the front file system.

• Set the minimum and maximum number of files that the CacheFS file system can use as a percentage of the files in the front file system.

The following display of cache statistics shows the default values:

# cfsadmin -l /cache/cache0
cfsadmin: list cache FS information
   maxblocks     90%
   minblocks      0%
   threshblocks  85%
   maxfiles      90%
   minfiles       0%
   threshfiles   85%
   maxfilesize    3MB
  data_cache

where:

• maxblocks - Maximum amount of storage space that CacheFS can use, expressed as a percentage of the total number of blocks in the front file system.

• minblocks - Minimum amount of storage space (expressed as a percentage of the total number of blocks in the front file system) that CacheFS is always allowed to use without limitation by its internal control mechanisms.

• threshblocks - A percentage of the total blocks in the front file system beyond which CacheFS cannot claim resources once its block usage has reached the level specified by minblocks.

• maxfiles - Maximum number of files that CacheFS can use, expressed as a percentage of the total number of inodes in the front file system.

• minfiles - Minimum number of files (expressed as a percentage of the total number of inodes in the front file system) that CacheFS is always allowed to use without limitation by its internal control mechanisms.

• threshfiles - A percentage of the total inodes in the front file system beyond which CacheFS cannot claim inodes once its usage has reached the level specified by minfiles.

• maxfilesize - Largest file size (expressed in Mbytes) that CacheFS is allowed to cache.

These parameters are specified with the -o option, with multiple parameters separated by commas. Refer to the cfsadmin(1M) man page for more details. You can change these parameters only when you create the cache.


Sizing the Cache

You use the cachefswssize command to determine the current size of the data in the cache. This includes the amount of cache space needed for each file system that was mounted under the cache, as well as a total. Before using the cachefswssize command, you must enable cachefs logging. Before you enable the cachefs logging, you must create the directory for the log files.

# mkdir /var/cachelogs

The following command creates and begins a cachefs log:

# cachefslog -f /var/cachelogs/data.log /data
/var/cachelogs/data.log: /data

In the previous command, a cache log called /var/cachelogs/data.log was created for the CacheFS file system mounted locally as /data.

You can change the cache log at any time. The following command is an example of changing the log file to /var/cachelogs/data_new.log:

# cachefslog -f /var/cachelogs/data_new_062100.log /data
/var/cachelogs/data_new_062100.log: /data

At any time, you can determine the current log file. The following is a sample command that describes how to do this:

# cachefslog /data
/var/cachelogs/data_new_062100.log: /data

You can stop and verify logging using the following commands:

# cachefslog -h /data
not logged: /data
# cachefslog /data
not logged: /data


Once you enable logging, you can check the size of the cache:

# cachefswssize /var/cachelogs/data.log

total for cache
   initial size:       4256k
   end size:            511k
   high water size:     511k


Cache FS File System Integrity

You use the fsck(1M) command to check and repair the integrity of file systems.

To check the integrity of the CacheFS file system, perform the following steps:

1. Unmount the CacheFS file system before invoking the fsck command.

# umount /data

2. Use the following command to check and repair the CacheFS file system:

# fsck -F cachefs -o noclean /cache/cache0

The -F option informs the fsck command that the type of file system to check is the CacheFS file system type. The -o noclean option is used to force fsck to perform a check even if it determines that a check is not necessary.

3. Use the mount command to enable access to the repaired CacheFS file system.

# mount -F cachefs -o backfstype=nfs,cachedir=/cache/cache0,\
cacheid=data_cache host1:/export/data /data


Dismantling a Cache FS File System

Implementing a CacheFS file system can be an interim measure for enhancing performance. You can delete a CacheFS file system and recreate it at a later time.

Note - Deleting a CacheFS file system (that is, deleting its cached copy) has no effect on the original back file system.

You can mount more than one back file system as a CacheFS file system and cache it in the same caching directory. You can dismantle one CacheFS file system, leaving others intact. You can also dismantle all the CacheFS file systems in the caching directory. To dismantle a CacheFS file system, perform the following steps:

1. If necessary, warn users that their access to the CacheFS file system will be interrupted.

2. Determine the cache ID for the CacheFS file system you intend to delete. The ID string is located in the last line of the output of the following command. The remainder of the output is covered later in this module.

# cfsadmin -l /cache/cache0
cfsadmin: list cache FS information
   maxblocks     90%
   minblocks      0%
   threshblocks  85%
   maxfiles      90%
   minfiles       0%
   threshfiles   85%
   maxfilesize    3MB
  data_cache

3. Unmount all CacheFS file systems that share the same cache directory with the one you intend to delete. The examples in this module use only one cache directory, so the command is:

# umount /data


4. Delete the CacheFS file system.

# cfsadmin -d data_cache /cache/cache0

Note - To delete all CacheFS file systems in the cache directory, use the cfsadmin -d all command.

5. If some CacheFS file systems remain after others are deleted, use the fsck command to correct the resource counts in the cache directory.

# fsck -F cachefs -o noclean /cache/cache0

6. Remount the remaining CacheFS file systems.


CHAPTER - 22

NAMING SERVICES OVERVIEW

Objectives

Upon completion of this module, you should be able to:

• Describe the concept of a naming service

• List the available naming services

• Compare the functionality of naming services

• Describe the name service switch process and determine which configuration is appropriate for your network


Name Services Overview

The name service concept centralizes the shared information in your network. A single machine, the name server, maintains the information previously maintained on each individual host. The name servers provide information, such as host names and IP addresses, user names, passwords, and automount maps.

Other hosts in your network, clients, request the information from the name server. This name server system responds to clients, and translates or resolves their requests from its memory-based (cached) or disk database(s).

Figure 11-1   Overview of Name Service Functionality


The name service concept provides:

• Ease of management:
  - Single point of administration
  - Consistent information
  - Uniform view of network

• Immediate reflection of changes to all clients

• Assurance that clients do not miss updates
  In a file-based scheme, updates received using ftp or copied in some way to client machines could be missed if a host were down or off the network when the changes were propagated.

• Secondary servers prevent a single point of failure
  While a single master server is all that is required, the name service scheme allows for the creation of secondary servers (sometimes referred to as slaves or replicas). These secondary servers maintain a copy of the master's database, receive changes and updates to the database from the master, and participate in client resolution. As such, they not only overcome a single point of failure, but also play a role in increased network performance.

Available Name Services

Some common name service solutions address specific needs or architectures, as follows:

• Domain Name Service (DNS) - This name service is used within a TCP/IP network to translate host names to their associated IP addresses.

• Network Information Service (NIS) - This name service provides a centralized lookup for LAN resources, such as user accounts, host names and addresses, services, automount maps, and other key files that would otherwise be needed on each host of the LAN.

• Network Information Service Plus (NIS+) - This name service provides a centralized lookup location for LAN resources. However, NIS+ is greatly expanded to support today's intranet with the features of a hierarchical naming structure, distributed administration, built-in security authentication, and cross-domain lookups.

• Lightweight Directory Access Protocol (LDAP) - This name service extends the naming services with a directory service. While a naming service allows you to look up an object given its name, a directory service also allows these objects to have attributes. Therefore, in addition to lookup, you can also get the attributes for these objects or search for objects given their attributes. LDAP is only one implementation of a directory service.


DNS Overview

The DNS is application software that primarily provides for the distributed administration of IP addresses throughout the Internet. It also does the following:

• It enables local administrators to maintain information about their own local hosts and enables them to share this information with others throughout the Internet.

• It is commonly implemented by the Berkeley Internet Name Domain (BIND) software developed at the University of California at Berkeley. Sun uses a port of the BIND software.

You can use DNS to resolve host name and IP address requests on the intranet. If you connect your network to the Internet, you must use DNS because it is the name service used to resolve host name and IP address requests, and organize the millions of hosts and domains, on the Internet.

A domain is a collection of network hosts that share some common information. DNS domain names are dot-notated, and the names of hosts within the domain include the host name plus the domain name. For example, the host merton in the domain sun.com would be known to other systems, outside of the domain, as merton.sun.com.

All hosts known to DNS are included within the DNS namespace. The DNS namespace is divided into hierarchical domains. The namespace begins with the root (.) domain and includes all subdomains. Figure 11-2 shows several top-level domains.


Figure 11-2   Top-Level Domains

The DNS nsswitch Template

The nsswitch template file for DNS is in /etc/nsswitch.dns, and the keyword is dns.

Top-Level Domains

The top-level domains are administered by Network Solutions, the NSI registry. Administration of the lower-level domains is delegated to the various organizations that are a part of the Internet.

The top-level domain you choose can depend on which one best suits the needs of your organization. Large organizations tend to use the organizational domains while small organizations or individuals often choose to use a country code.


Network Information Service Overview

NIS focuses on making network administration more manageable by providing centralized control over a variety of network information. NIS stores information about workstation names and addresses, users, the network itself, and network services. This collection of network information is referred to as the NIS namespace.

NIS Domains

NIS uses domains to arrange the machines, users, and networks in its namespace. However, it does not use a domain hierarchy; therefore, an NIS namespace is flat.

You cannot directly connect a NIS domain to the Internet using just NIS. However, organizations that want to use NIS and also be connected to the Internet can combine NIS with DNS. You can use NIS to manage all local information and use DNS for Internet host lookup. NIS provides a forwarding service that forwards host lookups to DNS if the information cannot be found in a NIS map. The Solaris Operating Environment also allows you to set up the nsswitch.conf file so that lookup requests from hosts go only to DNS, or to DNS and then NIS if the requests are not found by DNS, or to NIS and then DNS if the requests are not found by NIS.

Client-Server Arrangement

By running the NIS service, you can distribute administrative database maps among a variety of servers (master and slaves) and update those databases from a centralized location in an automatic and reliable fashion to ensure that all clients share the same name service information in a consistent manner throughout the network.

NIS Maps

NIS namespace information is stored in NIS maps. NIS maps were designed to replace UNIX /etc files, as well as other configuration files, so they store more than names and addresses. As a result, the namespace has a large set of maps.

NIS maps are database files created from source files in the /etc directory (or a special directory you specify). The NIS domain maps typically include the following files:


• auto_home
• auto_master
• bootparams
• ethers
• group
• hosts
• netgroup
• netmasks
• networks
• protocols
• passwd
• rpc
• services
• aliases
• timezone
• ipnodes

Note - NIS administrators can also create custom maps for their specific network environment needs.

The NIS nsswitch Template

The nsswitch template for NIS is /etc/nsswitch.nis and the keyword is nis.


The NIS+ Environment

NIS+ enables you to store information about workstation addresses, security information, mail information, Ethernet interfaces, printers, and network services in locations where all workstations on a network can have access to it.

NIS+ Namespace

The NIS+ namespace is dynamic because updates can occur and be put into effect at any time by any authorized user.

The NIS+ namespace is hierarchical, and similar in structure to the DNS name service. The hierarchical structure allows you to configure a NIS+ namespace to conform to the logical hierarchy of an organization. The namespace's layout of information is unrelated to its physical arrangement. Thus, you can divide a NIS+ namespace into multiple domains that can be administered autonomously. Clients can have access to information in other domains, in addition to their own, if they have the appropriate permissions.


An Example of the NIS+ Hierarchical Namespace

A software company named Solar, Inc. (solar.com), with three divisions, Engineering (eng), Sales (sales), and Finance (fin), set up the NIS+ namespace hierarchy illustrated in Figure 11-3. Each branch represents a domain. The Engineering branch has subdomains for development and software.

solar.com.
    eng.solar.com
        dev.eng.solar.com
        soft.eng.solar.com
    sales.solar.com
    fin.solar.com

Figure 11-3 NIS+ Hierarchical Namespace


NIS+ Tables

The objects controlled in NIS are maps, and the objects controlled in NIS+ are tables.

Each NIS+ domain can contain the following table objects:

• auto_home

• netgroup

• auto_master

• netmasks

• bootparams

• networks

• client_info

• passwd

• cred

• protocols

• ethers

• rpc

• group

• sendmail

• hosts

• services

• mail_aliases

• timezone

The NIS+ nsswitch Template

The nsswitch template for NIS+ is /etc/nsswitch.nisplus and the keyword is nisplus.


Lightweight Directory Access Protocol (LDAP) Overview

The implementation of NIS within the Solaris Operating Environment provided a mechanism for advertising (identifying and locating) network objects and resources. Two major drawbacks are its flat structure (a single domain) and the proprietary nature of the naming services.

NIS+ is an improvement to the NIS structure. NIS+ is built in a hierarchical structure so that it more closely resembles the internal structure of an organization and, therefore, it can access multiple domains (provided the authorization and authentication features are properly enabled). However, like NIS, NIS+ is somewhat proprietary (not every organization can access the information). These proprietary naming services are often decipherable only from within an organization or group of organizations (and sometimes from within a particular application), and they create islands of information that must translate requests for information from the World Wide Web.

With the implementation of standardized directory services, an organization can configure one or more servers to direct requests for information through the organization to the appropriate servers. A standardized directory service implies that all participating organizations adhere to a common rule set for hierarchical naming structures, authorization and authentication practices, and configuration of various other attributes.

The X.500 Directory Access Protocol (DAP) is one such standard; however, when organizations attempt to implement it, many find it difficult to administer, and this becomes a barrier to the success of the directory server concept as a whole. Additionally, implementation of the X.500 structure often requires the power and resources of a UNIX system, thus putting up a barrier to the world of personal computer users.

It is readily apparent that an easier-to-administer, lighter-weight protocol is needed, so more than 40 companies have joined with Netscape and the University of Michigan to support a Lightweight Directory Access Protocol (LDAP) as a proposed standard for Internet directories.


Common Uses of LDAP

LDAP is useful when you need a resource locator; however, it is practical only in read-intensive environments where you do not need frequent updates. You can use LDAP as a repository for the same information stored in NIS and NIS+. The following lists some common uses:

• A resource locator for an online phone directory. Authorized users can update it as necessary to maintain its accuracy. This eliminates the need for a printed phone directory (which is outdated as soon as a change is made following the printing).

Note - LDAP is useful for phone directories that are updated relatively infrequently, but would be ineffective for sales transaction databases that center around constantly updating data.

• The address book in most e-mail clients.

• A repository of information for Web-based applications that support sales and inventory-control processes. However, you must keep in mind that heavily transaction-oriented sites are better suited to relational databases, which are suited to those applications.

• For automatically locating network resources. It provides a mechanism to locate printers, file servers, and network services.

• To centralize network management. Instead of maintaining duplicate information across many servers, the LDAP server is configured so that a single directory can be accessed by all applications.

• To tighten security. Authorization and authentication attributes can be configured to control access to applications, resources, and modifications.

These are just a few of the possibilities. The list is limited only by the creativity of the administrators that implement LDAP. LDAP applications are grouped three ways: those used to locate network users and resources, those used to manage these resources, and those that provide authentication and authorization security features.

The LDAP nsswitch Template

The nsswitch template for LDAP is /etc/nsswitch.ldap and the keyword is ldap.


Conclusion

Implementing LDAP as a Solaris naming service is not an easy task. Since LDAP provides a general purpose directory, it is very flexible. However, with flexibility comes complexity. While it does not make sense to transition from NIS/NIS+ just for the sake of doing it, the future benefits of a consolidated data store make it worth exploring.


The Name Service Switch

All Solaris Operating Environment workstations use /etc/nsswitch.conf as the name service switch. The /etc/nsswitch.conf file is used by the operating system for any network information lookups. It is commonly referred to as the name service switch file. The /etc/nsswitch.conf file determines which sources of information your system uses and the order in which those sources are used.

The nsswitch.conf Configuration Files

The Solaris 8 Operating Environment includes the following five templates for the name service switch configuration file:

• /etc/nsswitch.files - The template name service switch file that, when copied to the /etc/nsswitch.conf file, permits only searches of the local /etc files.

• /etc/nsswitch.dns - The template name service switch file that, when copied to the /etc/nsswitch.conf file, searches only the local /etc files for all entries with the exception of the hosts entry. The hosts entry can be directed to use DNS for lookup.

• /etc/nsswitch.nis - The template file that uses the NIS database as the primary source of all information except the passwd, group, automount, and aliases maps, which are directed to use the local /etc files first and then the NIS databases. With the name service search order for the passwd and group files established as the local files first followed by the NIS database, there is no need for a plus (+) in the passwd file.

• /etc/nsswitch.nisplus - The template file that uses NIS+ as the primary source for all information except the passwd, group, automount, and aliases tables, which use the local /etc files first and then the NIS+ databases.

• /etc/nsswitch.ldap - The template file that uses LDAP as the primary source for all information except the passwd, group, automount, and aliases tables, which use the local /etc files first and then the LDAP databases.


After determining which naming service to use, select the appropriate template file (/etc/nsswitch.files, /etc/nsswitch.dns, /etc/nsswitch.nis, /etc/nsswitch.nisplus, or /etc/nsswitch.ldap) and copy it to /etc/nsswitch.conf.

The /etc/nsswitch.nis Template

The following example is the default /etc/nsswitch.nis file (which references name service resolution provided by NIS) that is provided with the installation of the Solaris Operating Environment software:

#
# /etc/nsswitch.nis:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd:     files nis
group:      files nis

# consult /etc "files" only if nis is down.
hosts:      nis [NOTFOUND=return] files
ipnodes:    files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.

networks:   nis [NOTFOUND=return] files
protocols:  nis [NOTFOUND=return] files
rpc:        nis [NOTFOUND=return] files
ethers:     nis [NOTFOUND=return] files
netmasks:   nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey:  nis [NOTFOUND=return] files

netgroup:   nis

automount:  files nis
aliases:    files nis

# for efficient getservbyname() avoid nis
services:   files nis
sendmailvars: files
printers:   user files nis

auth_attr:  files nis
prof_attr:  files nis

This example /etc/nsswitch.nis file identifies NIS as the only source of data for hosts, netgroup, and netmasks entries. Alternatively, the lines for passwd, group, and automount have files followed by nis. This indicates that the system uses the local files first and the NIS database second for lookups.

If you are using NIS as the naming service, copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.


Modification of the /etc/nsswitch.conf File

After copying the appropriate template file to /etc/nsswitch.conf, you might have to modify the file to enable the operating system to access network information. For example, to enable hosts to be resolved using local files first, DNS second, and NIS third, the line for hosts would appear as follows:

hosts:      files dns nis

Conversely, to restrict login access to only those users with local accounts, you can remove nis from the line for passwd as in this example:

passwd:     files

The name service switch file contains a list of over 19 databases, their name service sources for resolution, and the order in which these sources are searched. As shown in Table 11-1, one or more sources from this list can be specified for each database.

Table 11-1 Database Sources

Source     Description
files      Refers to the client's local /etc files
nisplus    Refers to an NIS+ table
nis        Refers to an NIS map
user       Applies to the printers entry
dns        Applies only to the hosts entry
ldap       Refers to a Directory Information Tree (DIT)
compat     Supports an old-style "+" syntax for passwd and group information


Name Service Switch Status and Action Values

Suppose the default /etc/nsswitch.nis file shown on page 11-16 was copied to the /etc/nsswitch.conf file. The name service switch now presents some action values for several of the entries. When the switch searches a specified source for an entry, the search returns a status code. Table 11-2 describes these status codes.

Table 11-2 Name Service Search Return Status Codes

Status Code   Description
SUCCESS       Requested entry was found
UNAVAIL       Source was unavailable
NOTFOUND      Source contains no such entry
TRYAGAIN      Source returned "I am busy, try later" message

Actions

For each status code, two actions are possible. Table 11-3 describes these actions.

Table 11-3 Status Code Actions

Action      Description
continue    Try the next source
return      Stop looking for the entry

The default actions are:

• SUCCESS = return
• UNAVAIL = continue
• NOTFOUND = continue
• TRYAGAIN = continue


The following entry assumes that the NIS name service is running. The syntax of this entry means that only the NIS hosts table is searched. If a NIS server has no map entry for a host lookup, the system does not reference the local files. Remove the [NOTFOUND=return] entry if you want to search the NIS hosts table and the local hosts file.

hosts:      nis [NOTFOUND=return] files

Table 11-4 shows the naming service features.

Table 11-4 Naming Service Features

                                 Files                     NIS            NIS+               DNS            LDAP
Intended Scope (Best fit)        Small local network LAN   LAN            Multiple LANs      LAN, WAN       LAN, WAN
Name space                       Flat                      Flat           Hierarchical       Hierarchical   Hierarchical
Template for nsswitch.conf       nsswitch.files            nsswitch.nis   nsswitch.nisplus   nsswitch.dns   nsswitch.ldap
Object that stores information   File                      Map            Table              Zone files     Directory information tree (DIT)
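The status codes, actions, and defaults described above for /etc/nsswitch.conf entries can be traced with a small simulator. This is an added example, not part of the training material or of Solaris; the function names and the sample entries are constructed, and each source's status is supplied by hand rather than by querying a real name service.

```python
import re

# Default action per status code, as given in the list of default actions.
DEFAULT_ACTIONS = {"SUCCESS": "return", "UNAVAIL": "continue",
                   "NOTFOUND": "continue", "TRYAGAIN": "continue"}

# Constructed sample holding two of the entries discussed in the text.
SAMPLE_CONF = """\
# constructed sample, not a complete nsswitch.conf
passwd:     files
hosts:      nis [NOTFOUND=return] files
"""


def parse_entry(line):
    """Parse one line into (database, [(source, {status: action}), ...])."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None                      # blank line or comment
    if ":" not in line:
        raise ValueError("not a database entry: %r" % line)
    database, _, rest = line.partition(":")
    sources = []
    # A token is either a bracketed criteria list or a source name.
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not tok.startswith("["):
            sources.append((tok, dict(DEFAULT_ACTIONS)))
            continue
        if not sources:
            raise ValueError("criteria before any source: %r" % line)
        for crit in tok.strip("[]").split():
            status, _, action = crit.partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULT_ACTIONS or action not in ("return", "continue"):
                raise ValueError("bad criterion: %r" % crit)
            sources[-1][1][status] = action   # override for the preceding source
    return database.strip(), sources


def parse_conf(text):
    """Parse a whole file into {database: sources}."""
    conf = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            conf[entry[0]] = entry[1]
    return conf


def resolve(sources, statuses):
    """Walk the sources in order.

    statuses maps a source name to the status it would return for this
    lookup (a source missing from the dict counts as UNAVAIL).
    Returns (answering source or None, trace of (source, status, action)).
    """
    trace = []
    for name, actions in sources:
        status = statuses.get(name, "UNAVAIL")
        action = actions[status]
        trace.append((name, status, action))
        if action == "return":
            return (name if status == "SUCCESS" else None), trace
    return None, trace


def answering_source(entry_line, statuses):
    """Convenience wrapper: which source answers for this entry?"""
    return resolve(parse_entry(entry_line)[1], statuses)[0]


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    # Sources that can supply passwd entries; ["files"] means local accounts only.
    print("passwd sources:", [name for name, _ in conf["passwd"]])
    cases = [
        ("NIS up, host missing from NIS", {"nis": "NOTFOUND", "files": "SUCCESS"}),
        ("NIS down", {"nis": "UNAVAIL", "files": "SUCCESS"}),
    ]
    for label, statuses in cases:
        answer, trace = resolve(conf["hosts"], statuses)
        print(label, "->", answer, trace)
    print(answering_source("hosts: files dns nis",
                           {"files": "NOTFOUND", "dns": "SUCCESS", "nis": "SUCCESS"}))
```

The first hosts case stops at nis without consulting files, which is the behavior the [NOTFOUND=return] criterion is described as producing; the second falls through to files because UNAVAIL keeps its default action of continue.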

CHAPTER - 23 NETWORK INFORMATION SERVICE (NIS)

Objectives

Upon completion of this module, you should be able to:

• Describe the NIS components, master server, slave server, and client, and the NIS processes
• Configure an NIS master, slave, and client
• List the steps to add a new NIS map
• Use commands to update and propagate an NIS map


Introduction to NIS Concepts

NIS enables the creation of server systems that act as central repositories for several of the administrative files found on UNIX systems. The benefits of NIS include:

• Centralized administration of files
• Better scaling of file administration as networks grow

As Figure 12-1 illustrates, NIS is organized into named administrative domains. Within each domain exists one NIS master server, zero or more slave servers, and one or more clients.

Figure 12-1 NIS Domains

NIS Master Server

Within each domain, the NIS master server:

• Contains the original /etc ASCII files used to build the NIS maps
• Contains the NIS maps generated from the ASCII files
• Provides a single point of control for the entire NIS domain
• Is easy to set up


NIS Slave Servers

Within each domain, the NIS slave servers:

• Do not contain the original /etc ASCII files (which are used to build the NIS maps)
• Contain copies of the NIS maps copied from the NIS master server
• Provide a backup repository for NIS map information
• Provide redundancy in case of server failures
• Provide load sharing on large networks

NIS Clients

Within each domain, NIS clients:

• Do not contain the original /etc ASCII files (which are used to build the NIS maps)
• Do not contain any NIS maps
• Bind to the master server or a slave server to obtain access to the administrative file information contained in that server's NIS maps
• Dynamically rebind to another server in case of server failure
• Make all appropriate system calls aware of NIS

Note - All hosts in the NIS environment are clients, including the NIS master and slaves.


NIS Processes

The two main processes involved in the running of an NIS domain are:

• ypserv - Runs on master and slave servers
• ypbind - Runs on master and slave servers, as well as client systems

There are three daemons that are used in an NIS domain on the master server:

• rpc.yppasswdd
• ypxfrd
• rpc.ypupdated

Figure 12-2 illustrates a domain with these NIS processes and daemons.

Figure 12-2 NIS Processes and Daemons


Troubleshooting NFS Errors

You can discover most NFS problems through console messages or symptoms on a client.

rpcbind Failure Error

Error Message

nfs mount: server:: RPC: Rpcbind failure
RPC: Timed Out
nfs mount: retrying: /mntpoint

This message is displayed on the client during the boot process or in response to an explicit mount request. It indicates a problem accessing the server. This error can occur due to the combination of an incorrect Internet address and a correct host or node name in the hosts database file supporting the client node. This error can also occur whenever the hosts database file supporting the client is correctly specifying the server node, but the server node is extremely overloaded, temporarily stopped, or crashed.

Solution

Complete the following step:

1. If the server node is operational, determine if the server is out of critical resources (for example, memory, swap, or disk space).

Note - This example was caused by temporarily shutting down the server node and then attempting (through the command line) to have it service an NFS mount request from a client node.


Server Not Responding Error

Error Message

NFS server server2 not responding, still trying

This message is displayed during the boot process or in response to an explicit mount request and indicates a known server that is unreachable.

Solution

Complete the following steps:

1. Check to see if the network between the local system and the server is down by using the ping command (ping server2).

2. Check to see if the server (server2) is down.

NFS Client Fails a Reboot Error

Error Condition

An NFS client fails a reboot without producing an error message. This error condition is encountered whenever an administrator attempts to restart an NFS client node using an init 6 or reboot command. The client node correctly reboots up to the point where the system echoes:

Setting default interface for multicast: add net 224.0.0.0: gateway: client_node_name.

The client node does not finish the proper boot sequence and does not generate any error messages. These symptoms are consistent with a client requesting an NFS mount using an entry in the /etc/vfstab file, which specifies a hard mount in the foreground (the default option), to an NFS server that is not operational.


Solution

Complete the following step:

1. If the NFS is available and failing:

   a. Reset the failed client node and boot it in single-user mode.

   b. Once in single-user mode, edit the /etc/vfstab file so that you comment out the NFS mounts.

   c. Continue with the boot cycle up to the default run level (normally 3) by pressing Control-d.

   d. Using the information in the /etc/vfstab file, determine if all the NFS servers are operational and functioning properly.

   e. After you have determined which NFS server(s) have failed, and you have resolved any outstanding problems with them, remove the comments placed in the /etc/vfstab file.

Note - An alternative to adding the comments to the /etc/vfstab file entries can be altering those entries to use the soft mount and background activation options.

Stopped Server Error

Error Message

nfs mount: dbserver: NFS: Service not responding
nfs mount: retrying: /mntpoint

This message is displayed during the boot process or in response to an explicit mount request and indicates that a reachable server is not running the nfsd server daemons.


Solution

Complete the following steps:

1. Use the who -r command on the server to see if it is at run level 3. If it is not, change to run level 3 using the init 3 command.

2. Use the ps -ef command on the server to check whether the nfsd daemon and NFS server daemons are running. If they are not, start them with the /etc/init.d/nfs.server script and the start keyword.

Program Not Registered Error

Error Message

nfs mount: dbserver: RPC: Program not registered
nfs mount: retrying: /mntpoint

This message is displayed during the boot process or in response to an explicit mount request and indicates that a reachable server is not running the /usr/lib/nfs/mountd server daemon.

Solution

Complete the following steps:

1. Use the who -r command on the server to see if it is at run level 3. If it is not, change to run level 3 using the init 3 command.

Note - If you used the shutdown command to bring the system down to the single-user mode from run level 3, the who -r command might be disabled. Rebooting the system re-enables the command.

2. Use the ps -ef command on the server to see if the mount daemon is running. If it is not, start it by invoking the /etc/init.d/nfs.server script first with a stop flag and then with a start flag.

3. Check or verify your /etc/dfstab entries.


Stale File Handle Error

Error Message

stale NFS file handle

This message is displayed when a process attempts to access a remote file resource and the file handle is out of date.

Solution

The file resource might have been moved on the server. Complete the following step:

1. Unmount and mount the resource again on the client.

Unknown Host Error

Error Message

nfs mount: server:: RPC: Unknown host

This message indicates that the host name of the server on the client is missing, or not in the hosts table.

Solution

Complete the following step:

1. Determine if the host name in the hosts database supporting the client node is correctly specified.

Note - This example has the node name server1 misspelled.


Mount Point Error

Error Message

mount: mount-point /DS9 does not exist.

This message is displayed during the boot process or in response to an explicit mount request and indicates a nonexistent mount point.

Solution

Complete the following step:

1. Check that the mount point exists on the client and is spelled correctly on the command line or in the /etc/vfstab file; or comment out the entry and reboot.

No Such File Error

Error Message

No such file or directory

This message is displayed during the boot process or in response to an explicit mount request and indicates an unknown file resource name on the server.

Solution

Complete the following step:

1. Check that the directory exists on the server and is spelled correctly on the command line or in the /etc/vfstab file.


The ypserv Daemon

The ypserv daemon is a utility that:

• Runs on master and slave servers
• Answers ypbind requests from clients
• Responds to client information requests

The ypbind Daemon

The ypbind daemon is a process that:

• Runs on all NIS systems, servers as well as clients
• Makes initial client-to-server binding requests
• Stores binding information in the /var/yp/binding/domainname directory
• Rebinds to another server if the connection is lost with the initial server
• Requests NIS map information at the library-call level

The rpc.yppasswdd Daemon

The rpc.yppasswdd daemon is a process that:

• Allows users to change their passwords
• Updates the /etc/passwd and /etc/shadow files on the master server
• Updates the NIS password map
• Provides or "pushes" the NIS password map to all slave servers


The ypxfrd Daemon

The ypxfrd daemon is a process that:

• Runs on the NIS master server only
• Responds to slave requests (using ypxfr) to pull the maps from the master
• Transfers NIS maps at high speed

The rpc.ypupdated Daemon

The rpc.ypupdated daemon is a process that:

• Runs on the NIS master server only
• Updates the publickey map if secure RPC is enabled


The Structure of NIS Maps

NIS maps are located in the /var/yp/domainname directory (where domainname is the name of the NIS domain). There are two files (a .pag file and a .dir file) for each map in this directory.

NIS Maps Filenames

The syntax for the NIS maps is map.key.pag or map.key.dir, where:

• map - The base name of the map (hosts, passwd, and so on)
• key - The map's sort key (byname, byaddr, and so on)
• pag - The map's data
• dir - An index to the .pag file if the .pag file is large

The .dir file can be empty if the .pag file is small.


Map Contents and Sort Keys

The content of each map is a set of key and value pairs. The key represents the data used to perform the lookup in the map, while the value represents the data returned upon a successful lookup. Maps can be duplicated in the /var/yp/domainname directory; they represent the results of the sorting of the map's data based on different keys.

For example, the map /var/yp/domainname/hosts.byaddr.pag contains the data for the hosts map indexed by host IP address. Similarly, the /var/yp/domainname/hosts.byname.pag map contains the same host data using the host name as the lookup key. For the domain name training, the following would be a list of the NIS map files for the hosts map:

• /var/yp/training/hosts.byname.pag
• /var/yp/training/hosts.byname.dir
• /var/yp/training/hosts.byaddr.pag
• /var/yp/training/hosts.byaddr.dir

Commands to Read Maps

You can use two commands to read maps:

• ypcat [ -k ] map - This command is similar to the cat file command
• ypmatch [ -k ] value map - This command is similar to the grep value file command


Generating NIS Maps

To generate NIS maps, you need the source files, which are located in either the /etc directory on the master server or copied to an alternative directory. You should not keep the source files in /etc because the contents of the maps are then the same as the contents of the local files on the master server. This is a special problem for passwd and shadow files, because all users would have access to the master server maps and the root password would be passed to all YP clients through the passwd map.

If you choose to locate the source files in another directory, you must modify the /var/yp/Makefile by changing the DIR=/etc line and the PWDIR=/etc line to DIR=/your-choice and PWDIR=/your-choice, where your-choice is the name of the directory you are using to store the source files. This enables you to treat the local files on the server as if they were those of a client. (You should first save a copy of the original Makefile.)


The following is an excerpt from the default Makefile showing the variables DIR and PWDIR set to their default values:

# Copyright (c) 1998, by Sun Microsystems, Inc.
# All rights reserved.
#
# ident "@(#)Makefile 1-23 98/05/01 SMI"
#
#----
# It is somewhat confusing to note that Solaris 2.x uses /etc/auto_master
# instead of the 4.x /etc/auto.master file name because of NIS+ treating a
# "." in a special way.
#
# Set the following variable to "-b" to have NIS servers use the domain name
# resolver for hosts not in the current domain.
#B=-b
B=
DIR =/etc
#
# If the passwd, shadow and/or adjunct files used by rpc.yppasswdd
# live in directory other than /etc then you'll need to change the
# following line.
# DO NOT indent the line, however, since /etc/init.d/yp attempts
# to find it with grep "^PWDIR" ...
#
PWDIR =/etc
DOM = `domainname`
NOPUSH = ""
ALIASES = /etc/mail/aliases
YPDIR=/usr/lib/netsvc/yp


The ypinit Command and the NIS Makefile

The NIS maps are generated by the NIS configuration binary, /usr/sbin/ypinit, and the make command. The ypinit command reads the /var/yp/Makefile for source file locations and converts ASCII source files into NIS maps.

Password File

For security reasons, and to prevent unauthorized root access, the files used to build the NIS password maps should not contain an entry for root. To do this, copy the files to an alternative directory and modify the PWDIR entry in the Makefile.

Figure 12-3 on page 12-12 shows the important files on the NIS master.
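The two recommendations above (keep the map source files out of /etc, and keep root out of the password source) can be checked before the maps are built. The following is an added example, not part of the training material or of Solaris; the sample Makefile excerpt and passwd lines are constructed, /var/yp/src is a hypothetical alternative directory, and flagging every UID 0 account rather than only the name root is a generalization of the page's advice.

```python
import re

# Constructed excerpt of /var/yp/Makefile carrying the default values.
SAMPLE_MAKEFILE = "B=\nDIR =/etc\nPWDIR =/etc\nDOM = `domainname`\n"

# Constructed passwd-format source file used to build the passwd map.
SAMPLE_PASSWD = (
    "root:x:0:1:Super-User:/:/sbin/sh\n"
    "daemon:x:1:1::/:\n"
    "user1:x:1001:10:Constructed user:/export/home/user1:/bin/ksh\n"
)


def makefile_vars(text, names=("DIR", "PWDIR")):
    """Return {name: (value, indented)} for simple NAME = value lines."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"^(\s*)([A-Z_]+)\s*=\s*(.*?)\s*$", line)
        if m and m.group(2) in names:
            found[m.group(2)] = (m.group(3), bool(m.group(1)))
    return found


def privileged_entries(passwd_text):
    """Return login names that are 'root' or that carry UID 0."""
    hits = []
    for line in passwd_text.splitlines():
        # Skip blanks, comments, and old-style +/- compat entries.
        if not line.strip() or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue
        if fields[0] == "root" or fields[2] == "0":
            hits.append(fields[0])
    return hits


def audit(makefile_text, passwd_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    found = makefile_vars(makefile_text)
    for name in ("DIR", "PWDIR"):
        if name not in found:
            findings.append("%s is not set in the Makefile" % name)
            continue
        value, indented = found[name]
        if value.rstrip("/") == "/etc":
            findings.append("%s=/etc: maps are built from the master's own "
                            "local files" % name)
        # The Makefile comment warns that /etc/init.d/yp greps for ^PWDIR.
        if name == "PWDIR" and indented:
            findings.append("PWDIR line is indented; /etc/init.d/yp "
                            "will not find it")
    for login in privileged_entries(passwd_text):
        findings.append("password source contains privileged entry %r" % login)
    return findings


if __name__ == "__main__":
    print("default layout:")
    for finding in audit(SAMPLE_MAKEFILE, SAMPLE_PASSWD):
        print("  -", finding)

    # Same data after moving the sources and dropping root (constructed).
    fixed_makefile = "DIR=/var/yp/src\nPWDIR=/var/yp/src\n"
    fixed_passwd = "".join(
        line + "\n" for line in SAMPLE_PASSWD.splitlines()
        if not line.startswith("root:"))
    print("after the change:", audit(fixed_makefile, fixed_passwd))
```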


Configuring the NIS Master Server

To set up the NIS name service master server, perform the following steps:

1. Determine which machines within your network domain will be NIS servers; there will be one NIS master and as many NIS slaves as needed. Typically, all systems within the domain will be NIS clients.

Note - The NIS kit that was supplied with releases before the Solaris 2.6 Operating Environment is no longer provided. NIS is now part of the release rather than a separate file.

2. Copy the /etc/nsswitch.nis file to /etc/nsswitch.conf and modify it, if necessary.

3. Choose an NIS domain name. This is usually less than 32 characters in length. (The maximum length is 256 characters.)

4. Execute the domainname command to set the local NIS domain.

5. Create an /etc/defaultdomain file with the domain name.

6. Make sure to maintain the format established by the original files, and update the text files in the /etc directory (all of the files that are used for NIS maps) on the master server with information about the domain.

Note - You can also copy the network information files to some other location on the system and modify them there rather than modifying them in the /etc directory.

7. Use the touch command to create zero-length files with the following names: /etc/ethers, /etc/bootparams, /etc/locale, /etc/timezone, /etc/netgroup, and /etc/netmasks. These files are necessary for the creation of the complete list of NIS maps as directed in the Makefile. When you initialize NIS, you will receive error messages for each of these files if they do not exist.


8. Install an updated Makefile in /var/yp if you intend to use NIS on the system that functions as your JumpStart™ server. This provides entries that create a map for the /etc/locale file.

To create a Makefile that supports unassisted JumpStart installation capability, make the following changes:

a. Add the following text after the existing time entries; all beginning white space must be tabs:

locale.time: $(DIR)/locale
	-@if [ -f $(DIR)/locale ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/locale \
		| awk '{for (i = 2; i<=NF; i++) print $$i, $$0}' \
		| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/locale.byname; \
		touch locale.time; \
		echo "updated locale"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) locale.byname; \
			echo "pushed locale"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/locale"; \
	fi

b. Append the word locale to the line beginning with the word all.

c. Add the following line after the auto.home: auto.home.time entry:

locale: locale.time

9. Create or populate the file /etc/locale and make an entry for each domain on your network using the following format:

domainname locale

For example:

classroom.Central.Sun.COM en_US


10. Edit the Makefile, and change every reference to the *.attr files to add the security subdirectory to the pathname, as follows:

$(DIR)/auth_attr
$(DIR)/exec_attr
$(DIR)/prof_attr
$(DIR)/audit_user

becomes:

$(DIR)/security/auth_attr
$(DIR)/security/exec_attr
$(DIR)/security/prof_attr
$(DIR)/security/audit_user

Note - Step 10 is necessary.

11. Initialize the master server using the local /etc files by executing the ypinit -m command.

# ypinit -m

a. The program prompts you for a list of slave servers. When you complete your list, press Control-D. You can make entries for all slaves now or rerun the command after you determine that you need more or fewer slave servers.

b. The program asks if you want to terminate on the first fatal error. If you answer n, the procedure completes the creation of the NIS database files. If you answer y, the process aborts with the first error. You can fix it and restart the ypinit program.


The following dialog provides the text feedback displayed as the program begins:

# ypinit -m
In order for NIS to operate successfully, we have to construct a list of the NIS servers. Please continue to add the names for YP servers in order of preference, one per line. When you are done with the list, type a <control D> or a return on a line by itself.
        next host to add: server1
        next host to add: ^D
The current list of yp servers looks like this:

server1

Is this correct? [y/n: y] y
Installing the YP database will require that you answer a few questions. Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
OK, please remember to go back and redo manually whatever fails. If you don't, some part of the system (perhaps the yp itself) won't work.

Note - If you have to restart the ypinit program, you are prompted to destroy the /var/yp/domainname directory. Answer y.

12. Start the NIS daemons on the master server with the following command:

# /usr/lib/netsvc/yp/ypstart

13. Once ypbind is running, you need to complete the following steps to build the mail.aliases map.

# cd /var/yp
# /usr/ccs/bin/make

If you want to stop the NIS service running on the NIS master, issue the following command:

# /usr/lib/netsvc/yp/ypstop

Caution - Installations that select Core, End User, or Developer software configuration clusters do not have all of the necessary files in the /usr/lib/netsvc/yp directory to allow a host to function as an NIS server.


Accessing and Testing the NIS Service

The initial way that users access NIS information is during login. When the user types in a user name and password, the NIS database verifies this information before it enables a login shell. If the user's home directory is on a remote system in the NIS domain, the NIS auto_home map will reference the server information and automatically mount the appropriate directory.

There are some informative commands that display information in the NIS database. You can use these commands to test NIS service. The most commonly used NIS commands are:

Note - You do not have to be the superuser to use these commands.

• ypcat - Prints values from the NIS database.

Example: Print the information from the hosts database

$ ypcat hosts
127.0.0.1       localhost
192.9.200.1     host1 loghost
192.9.200.2     host2
192.9.200.6     host6
192.9.200.8     host8
192.9.200.101   server1
192.9.200.102   server2

• ypmatch - Prints the value of one or more keys from the NIS database.

Example: Match individual host entries

$ ypmatch host1 server1 hosts
192.9.200.1     host1
192.9.200.101   server1

Example: Match a specific user in the password database

$ ypmatch user1 passwd
user1:Q7icl6NRPEmak:11001:10:User1:/export/home/user1:/bin/ksh




• ypwhich - Returns the name of the NIS server that supplies the NIS map services to an NIS client.

Example: Return the name of the NIS master server

$ ypwhich
server1

When used with the -m option, the ypwhich command provides a list of all databases and the name of the master server.

Example: List all databases on the master server

$ ypwhich -m
auto.home server1
auto.master server1
timezone.byname server1
netmasks.byaddr server1
publickey.byname server1


Configuring the NIS Client

Typically, you configure all systems within an NIS domain as clients:

1. Copy the /etc/nsswitch.nis file to /etc/nsswitch.conf and modify it if necessary.

2. Edit the /etc/hosts file to ensure that the NIS master server and all slave servers have been defined.

3. Execute the domainname command to set the local NIS domain. For example,

# domainname classroom.Central.Sun.COM

Note - You can use this command to set the name of a domain within a classroom in the central region training center.

4. Create or populate the /etc/defaultdomain file with the domain name.

5. Initialize the system as an NIS client with the following command:

# ypinit -c

6. When prompted for a list of NIS servers, enter the names of the NIS master and all slave servers.

7. Start the NIS software with the following command:

# /usr/lib/netsvc/yp/ypstart

8. On the newly configured NIS client, test the NIS functionality by entering the following command:

# ypwhich -m

The output should include the name of the NIS master server along with the database maps it is serving.


Configuring the NIS Slave Server

You must have at least one NIS slave server to provide backup should the NIS master server become unavailable. You can do this by using the following steps on the system that is designated to become the slave server:

1. Copy the /etc/nsswitch.nis file to /etc/nsswitch.conf and modify it if necessary.

2. Edit the /etc/hosts file to ensure that the NIS master and all NIS slave servers have been defined.

3. Execute the domainname command to set the local NIS domain.

# domainname domainname

For example,

# domainname classroom.Central.Sun.COM

4. Create or populate the /etc/defaultdomain file with the domain name. Add a one-line entry to represent the selected domain name (for example, domainname in step 3).

5. Initialize the system as an NIS client with the following command:

# ypinit -c

6. When prompted for a list of NIS servers, enter the NIS master host, followed by the name of the local host and all other NIS slave servers on the local network.

7. On the NIS master, ensure that the ypserv process is running by running this command:

# ps -ef | grep ypserv

If it is not running, refer to the previous section on how to start NIS daemons on the master.

8. Return to the proposed NIS slave system and run ypstart.

# /usr/lib/netsvc/yp/ypstart

9. Initialize the system as an NIS slave with the following command:

# ypinit -s master


where master is the name of the NIS master.

Note - If you did not add the name of the NIS slave server when you initially configured the NIS master server using the ypinit command, run the ypinit -m command once more on the NIS master server. In the process of updating the NIS master, the script prompts you for confirmation when it is about to destroy the existing domain database. Confirm by entering y.

10. Stop the NIS daemons on the slave server with the following command:

# /usr/lib/netsvc/yp/ypstop

11. Restart the NIS daemons on the slave server with the following command:

# /usr/lib/netsvc/yp/ypstart

12. On the newly configured NIS slave server, test the NIS functionality with the following command:

# ypwhich -m

The output should include the name of the NIS master server along with a list of database maps it is serving to the NIS domain.


Updating the NIS Map

Database files change as time goes on and your NIS maps must be updated. To update the NIS maps (on the master server), perform the following steps:

1. Update the text files in your source directory (typically /etc unless it was changed in the Makefile) with the new or modified information.

2. Change to the /var/yp directory.

# cd /var/yp

3. Refresh the NIS database maps by executing the make command.

# /usr/ccs/bin/make

Updating the Hosts Map and Propagating to Slave Servers

The following steps manually update the NIS hosts map on the master server and propagate all maps to the slave servers:

1. Edit a map source file on the NIS master.

# vi /etc/hosts

2. Remake and push the NIS maps to the slave servers.

# cd /var/yp; make

The following commands manually "pull" only the hosts maps from the master server.

# /usr/lib/netsvc/yp/ypxfr hosts.byaddr
# /usr/lib/netsvc/yp/ypxfr hosts.byname

You can also pull all of the maps from the master server at once using the following command:

# ypinit -s nis_master


Updating the NIS Password Map

If the NIS master is running the rpc.yppasswdd daemon, you can update any client system to the NIS password map by using the

Figure 12-4 Updating the NIS Password Map

The following describes what you need to do to be successful at updating the password map:

• Run the rpc.yppasswdd daemon on the NIS master server.

# /usr/lib/netsvc/yp/rpc.yppasswdd /etc/passwd -m passwd

The rpc.yppasswdd daemon updates the NIS master's /etc/passwd file and passwd map whenever users change their NIS password (with the passwd or yppasswd commands). The passwd map is then pushed to all slave servers.




• Run the passwd command on any NIS client.

# passwd
Changing NIS password for user1 on server1.
Old password:
New password:
Retype new password:
NIS entry changed on server1


Updating the NIS Slave Server Map

Sometimes maps fail to propagate and you must use ypxfr manually to retrieve new map information. To automate the updating and propagating of NIS maps on slave servers, you can install shell scripts to run as cron jobs. Because maps have different rates of change, scheduling a map transfer using the crontab command enables you to set specific propagation times for individual maps.

Sun provides several template scripts in the /usr/lib/netsvc/yp directory that you can use and modify to meet local site requirements. These scripts are useful when slave servers are down during NIS map propagations. In such cases, the slave server might not receive the update unless you run a "safety valve" script (Figure 12-5).

Figure 12-5 Updating passwd Maps on Slave Servers with Scripts


The following text is the contents of the ypxfr_1perhour script that, if run hourly using cron, ensures that the NIS slave server's passwd map is never more than one hour out of date.

#!/bin/sh
#
# @(#)ypxfr_1perhour.sh 1.9 92/12/18 Copyright 1999 Sun Microsystems,
# Inc.
#
# ypxfr_1perhour.sh - Do hourly NIS map check/updates
#
PATH=/bin:/usr/bin:/usr/lib/netsvc/yp:$PATH
#export PATH
# set -xv
ypxfr passwd.byname
ypxfr passwd.byuid


Updating Other Scripts

There are scripts called ypxfr_1perday and ypxfr_2perday. The ypxfr_1perday script checks or updates the following maps daily:

• group.byname
• group.bygid
• protocols.byname
• protocols.bynumber
• networks.byname
• networks.byaddr
• services.byname
• ypservers

The ypxfr_2perday script checks and updates the following NIS maps twice per day:

• hosts.byname
• hosts.byaddr
• ethers.byaddr
• ethers.byname
• netgroup
• netgroup.byuser
• netgroup.byhost
• mail.aliases


Makefile Syntax and New Maps

You can build custom NIS maps for use with local utilities or with Sun utilities, such as the automounter. By generating an NIS automounter map and setting up all NFS clients appropriately, NFS-mountable resources become available over the network with minimum administration. Changes need to be made only to the NIS master server, and the NFS server grants NFS access to clients within the entire NIS domain.

The make Utility

Building customized NIS maps is essentially a lesson in the make utility. The make utility:

• Is used by programmers to build programs
• Is used by administrators to build NIS maps
• Can be generalized to build customized NIS maps

The make utility receives its instructions from the Makefile file. The Makefile uses variable definitions (called macros), targets, and dependencies. You can use macros as variables, similar to those that are used in a shell script. A macro is defined at the beginning of the Makefile and is used throughout the Makefile by prefixing the macro name with a dollar sign ($). The make utility builds targets. Targets need dependencies. Dependencies can represent other targets that must be built before the original target is considered "made." This structure enables you to nest the target and dependency pairs to an arbitrary depth, allowing for hierarchical building of complex code structures. When making NIS maps, you should keep the target and dependency relationship fairly simple.


First Section of Makefile

The NIS Makefile is located in the /var/yp directory and is composed of four main sections. The first section contains the following macro definitions:

#B=-b
B=
DIR =/etc
PWDIR =/etc
DOM = `domainname`
NOPUSH = ""
ALIASES = /etc/mail/aliases
YPDIR=/usr/lib/netsvc/yp
SBINDIR=/usr/sbin
YPDBDIR=/var/yp
YPPUSH=$(YPDIR)/yppush
MAKEDBM=$(YPDIR)/makedbm
MULTI=$(YPDIR)/multi
REVNETGROUP=$(SBINDIR)/revnetgroup
STDETHERS=$(YPDIR)/stdethers
STDHOSTS=$(YPDIR)/stdhosts
MKNETID=$(SBINDIR)/mknetid
MKALIAS=$(YPDIR)/mkalias


Second Section of Makefile

The second section contains the first target, all.

all: passwd group hosts ethers networks rpc services protocols \
	netgroup bootparams aliases publickey netid netmasks c2secure \
	timezone auto.master auto.home auth.attr exec.attr prof.attr \
	user.attr audit.user

The all target has several dependencies, each of which represents one of the NIS maps to be built. This enables the entire set of NIS maps to be built by typing:

# cd /var/yp; make

The all target is not considered to be built until each of its targets is first built in turn. Each of the targets for all depends on another target.

When adding custom maps to NIS, the name of the new map to be built should be added to the end of the all target list (auto.direct in the following example).

all: passwd group hosts ethers networks rpc services protocols \
	netgroup bootparams aliases publickey netid netmasks c2secure \
	timezone auto.master auto.home auth.attr exec.attr prof.attr \
	user.attr audit.user auto.direct


Fourth Section of Makefile

The entry in the fourth section of the Makefile for each of the dependencies specified in the all target is:

passwd: passwd.time
group: group.time
hosts: hosts.time
ethers: ethers.time
networks: networks.time
rpc: rpc.time
services: services.time
protocols: protocols.time
netgroup: netgroup.time
bootparams: bootparams.time
aliases: aliases.time
publickey: publickey.time
netid: netid.time
passwd.adjunct: passwd.adjunct.time
group.adjunct: group.adjunct.time
netmasks: netmasks.time
timezone: timezone.time
auto.master: auto.master.time
auto.home: auto.home.time
$(DIR)/netid:
$(DIR)/timezone:
$(DIR)/auto_master:
$(DIR)/auto_home:
$(PWDIR)/shadow:


Using the previous example of an auto.direct map, add a new map to the NIS domain by appending the appropriate entries to the end of this "second level" target/dependency pair.

….
auto.direct: auto.direct.time
….
$(DIR)/auto_direct:

Therefore, the final lines from the fourth section would look like this after the auto.direct map was added.

auto.master: auto.master.time
auto.home: auto.home.time
auto.direct: auto.direct.time
$(DIR)/netid:
$(DIR)/timezone:
$(DIR)/auto_master:
$(DIR)/auto_home:
$(DIR)/auto_direct:
$(PWDIR)/shadow:

The target in this case, auto.direct, depends on another target, auto.direct.time.


Third Section of Makefile

In the third section of the Makefile, the final target and dependencies are defined, along with instructions on how to build each map in the domain.

You must add the following lines to the Makefile to build a new auto_direct map:

auto.direct.time: $(DIR)/auto_direct
	-@if [ -f $(DIR)/auto_direct ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/auto_direct \
		| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.direct; \
		touch auto.direct.time; \
		echo "updated auto.direct"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) auto.direct; \
			echo "pushed auto.direct"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/auto_direct"; \
	fi


You should be aware of the following:

• auto.home.time depends on $(DIR)/auto_home.

In this case, the dependency is a file. The make utility checks the timestamp of the target (assumed to be a file, and in the current directory) against the timestamp of the dependency (usually in the /etc directory). If the target has a newer modification time than the dependency, the target is not built, and this section is skipped. If, on the other hand, the dependency has a more recent modification timestamp, the target is built according to the instructions in the section that immediately follows.

• Subsequent lines of make instruction are indented by tabs. (This is required.)

• You can use make macros in the instructions.

• Instructions that begin with the at (@) sign are not echoed to the screen. Removing the @ sign is useful for debugging new instructions.

• Instructions that begin with a leading dash (-), occurring before the leading @ sign, do not have error messages echoed to the terminal.


Building NIS Maps

Most map builds consist of the following sequence of actions, which are specified in the third section of the Makefile:

1. Extract the source file key and value pairs of information using the awk or sed commands.

2. Send these key and value pairs to the makedbm program to generate the NIS map.

3. Use touch on the timestamp file so that this map is not remade unless and until the source file is updated.

4. Echo the message stating the map has been updated.

5. Push the map to the slave servers.

6. Echo a message stating the push is done.

Caution - The first time you build a new map, the slave servers do not know of its existence and so the push process attempt fails. Send an interrupt (Control-C) to the build process when the push process hangs, and execute the ypxfr command on the map from the slave server(s) to complete the build process. (This is necessary only during the first build of a new NIS map.)

Note - Details of the awk, sed, and makedbm programs are beyond the scope of this class.
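An added example, not taken from the course Makefile, that dry-runs the extraction stage of the build sequence above on a constructed auto_direct file and flags duplicate keys and empty values before the map is built. It assumes makedbm's split of each input line at the first blank; the function names and sample data are hypothetical, and makedbm and yppush are not invoked.

```shell
#!/bin/sh
# Added example (not the course Makefile): dry run of a map build recipe.
# makedbm and yppush are not called; the pairs are only printed and checked.

# strip_comments FILE: the sed stage of the auto.direct and locale rules.
# (The Makefile writes "$$" so that make hands a single "$" to the shell.)
strip_comments() {
    sed -e '/^#/d' -e 's/#.*$//' "$1"
}

# auto_direct_pairs FILE: print key<TAB>value the way makedbm splits a line:
# key = text up to the first blank, value = the rest. Blank lines are skipped
# and trailing blanks are trimmed here for readability.
auto_direct_pairs() {
    strip_comments "$1" | awk 'NF {
        key = $1
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)
        sub(/[ \t]+$/, "", val)
        print key "\t" val
    }'
}

# locale_pairs FILE: the extra awk stage of the locale rule, which emits one
# record per field after the first, keyed by that field.
locale_pairs() {
    strip_comments "$1" | awk '{ for (i = 2; i <= NF; i++) print $i "\t" $0 }'
}

# lint_pairs: read key<TAB>value lines on stdin. A map holds one record per key,
# so a duplicate key hides an entry; an empty value is usually a truncated line.
# Returns 1 if anything is reported.
lint_pairs() {
    awk -F'\t' '
        $2 == ""   { print "empty value: " $1; bad = 1 }
        seen[$1]++ { print "duplicate key: " $1; bad = 1 }
        END        { exit bad + 0 }'
}

# needs_rebuild SRC STAMP: the timestamp test make applies to a rule such as
# "auto.direct.time: $(DIR)/auto_direct". True if STAMP is missing or older.
needs_rebuild() {
    [ -f "$2" ] || return 0
    [ -n "$(find "$1" -newer "$2" 2>/dev/null)" ]
}

# make_sample_auto_direct FILE: write a constructed source file for the demo.
make_sample_auto_direct() {
    cat > "$1" <<'EOF'
# constructed auto_direct source file
/usr/share/man  -ro  server1:/usr/share/man
/opt/tools      server2:/export/tools      # current tools
/opt/tools      server1:/export/tools-old
/scratch
EOF
}

# Demo on constructed data in a scratch directory.
demo=$(mktemp -d)
make_sample_auto_direct "$demo/auto_direct"
auto_direct_pairs "$demo/auto_direct"
auto_direct_pairs "$demo/auto_direct" | lint_pairs ||
    echo "fix the source file before running make"
```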


Exercise: Configuring NIS

Exercise objective - In this lab, you configure an NIS master server and one NIS client.

Preparation

Choose two partners for this lab and determine which systems will be configured as the NIS master server and which will serve as the NIS slave and NIS client. You use the NIS master as the JumpStart server later in the course. Verify that entries for all systems exist in the /etc/hosts file. Refer to your lecture notes as necessary to perform the steps listed.

Task Overview

In this exercise, you accomplish the following:

• On the system that will become the NIS master server, replace the /var/yp/Makefile file with an updated copy that references /etc/locale. Your instructor will provide the Makefile.




• Use the following commands and files to create and configure an NIS master server. Configure only a master server. Verify that the configuration works using the ypwhich -m command.

/etc/nsswitch.nis /etc/nsswitch.conf /etc/defaultdomain /etc/ethers /etc/bootparams /etc/locale /etc/netmasks /etc/timezone /etc/security/audit_user /etc/security/auth_attr /etc/security/exec_attr /etc/security/prof_attr domainname ypinit ypstart

• Use the following commands and files to create and configure an NIS client. Verify that the configuration works using the ypwhich -m command.

/etc/nsswitch.nis /etc/nsswitch.conf domainname /etc/defaultdomain ypinit ypstart




• Use the following commands and files to create and configure an NIS slave server. Verify that the configuration works using the ypwhich -m command.

/etc/nsswitch.nis /etc/nsswitch.conf domainname /etc/defaultdomain ypinit ypstart ypcat

• Use the following commands and files to create and update a new NIS map, auto.home. Verify that the new map works using the ypcat command.

/etc/nsswitch.nis /etc/nsswitch.conf domainname /etc/defaultdomain ypinit ypstart


CHAPTER - 24

JUMP START™- AUTOMATIC INSTALLATION

Objectives

Upon completion of this module, you should be able to:

• List the main components for setting up a JumpStart network installation
• Set up boot services on a subnet using the setup_install_server script
• Describe the JumpStart client boot sequence
• List the files necessary to support JumpStart boot operations
• Describe the use of the sysidcfg file with and without name service support
• Set up a JumpStart installation server to provide the Solaris Operating Environment with the software necessary to install clients
• Describe the use of the add_to_install_server and modify_install_server scripts
• Add install clients to the install servers and boot servers
• Create a configuration server with customized rules and class files
• Use the pfinstall command to test configuration and installation files
• Boot install clients
• Configure NIS name service support for the JumpStart program


Introduction to JumpStart

JumpStart is an automatic installation (auto-install) process available in the Solaris Operating Environment. JumpStart allows you to install Solaris automatically and configure it differently depending on characteristics of client systems. JumpStart implementations use these identifying characteristics to select the correct configuration for each client system.

Who Should Use JumpStart and Why?

System administrators who need to install multiple systems with similar configurations can use JumpStart to automate the installation process. JumpStart eliminates the need for operator intervention during the installation process.

Advantages of using JumpStart include the following:

• It frees system administrators from the lengthy question and answer session that is part of the interactive installation process
• It enables system administrators to install different types of systems simultaneously
• It installs the Solaris Operating Environment and unbundled software automatically
• It simplifies administration tasks when widely-used applications must be updated frequently

JumpStart provides networked computing environments with considerable time savings when multiple or ongoing installations are required.


JumpStart Components

There are three main components to JumpStart:

• Boot and client identification services - These are provided by a networked boot server.

A boot server provides the information that a JumpStart client needs to boot using the network. This includes RARP, TFTP, and bootparams information, and the identity of servers that will provide installation and configuration services. The boot server must reside on the same subnet as the client, but the install and configuration servers may reside on other network segments. The boot server can also provide client identification information. This information answers the system identification questions normally asked by the interactive installation routine. It is possible for one server to provide boot, installation, and configuration services.

• Installation services - These are provided by a networked install server.

An install server provides an image of the Solaris Operating Environment that the JumpStart client uses as its source of data to install. The install server shares a Solaris image either from a delivery CD-ROM, or from an area on a local disk. Because the Solaris Operating Environment is delivered on two CD-ROMs, only the Core and End User configuration clusters can install without spooling the OS onto a local disk. JumpStart clients use NFS to mount the OS image during the installation process.

• Configuration services - These are provided by a networked configuration server.

A configuration server provides information that a JumpStart client uses to partition disks and create file systems, add or remove Solaris packages, and perform other configuration tasks. Clients select a configuration based on identifying information known as a "class". A configuration server shares a directory that contains a "rules" file and "class" files that allow clients to obtain appropriate configuration information.


If any one of the three main components is improperly configured, the JumpStart clients can:

• Fail to boot
• Fail to find a Solaris Operating Environment image to load
• Ask questions interactively for configuration
• Fail to partition disks, create file systems, and load the operating environment

Using add_install_client

The script add_install_client allows you to establish support for clients on JumpStart servers. Because JumpStart components may exist on more than one server, you must select options to add_install_client and specify arguments that reflect the overall JumpStart configuration in place. The general syntax of add_install_client is described here, but its use for specific configurations is described throughout the module. The add_install_client script adds support for JumpStart clients by updating information as required on the install server. The files that these updates affect can include /tftpboot, /etc/dfs/dfstab, /etc/bootparams, /etc/inetd.conf, and /etc/nsswitch.conf.

The add_install_client script must run from the install server's installation image, either on CD-ROM or spooled to disk, or the boot server's boot directory. On the Solaris 1 of 2 CD-ROM, this directory is /cdrom/cdrom0/s0/Solaris_10/Tools. In an OS image spooled to disk below /export/install, this directory is /export/install/Solaris_8/Tools.


Command Syntax

Options and arguments for add_install_client include the following:

add_install_client -i IP_address -e Ethernet_address \
-s server:path -c server:path -p server:path client_name platform_group

Options

-i   Specifies the IP address of the client. This option is not required if an entry for the client exists in a naming service in use on the boot server or in the /etc/inet/hosts file.

-e   Specifies the Ethernet (MAC) address of the client. This option is not required if an entry for the client exists in a naming service in use on the boot server or in the /etc/ethers file.

-s   server:path specifies the server and absolute path of the Solaris installation image used for this installation. This option is not required if the boot server also acts as the install server. This option is only required when running add_install_client from a boot server.

-c   server:path specifies the server and absolute path of the directory that holds configuration information (rules and class files).

-p   server:path specifies the server and absolute path of the directory that holds the sysidcfg file.

The client_name argument specifies the name of the client as recorded in /etc/inet/hosts and /etc/ethers. The platform_group argument specifies the hardware platform type as reported by uname -m (for example, sun4u, sun4m, sun4c).


Setting Up Boot Services

A boot server allows JumpStart clients to boot via the network, and provides installation and configuration server information.

This section describes JumpStart boot services including:

• The JumpStart client boot sequence
• Boot operation support files
• Adding a bootable Solaris Operating Environment image
• Using the add_install_client script to specify a boot server that is separate from an install server


The following steps describe how the JumpStart process works:

1. When a network workstation boots, the boot PROM (programmable read-only memory) issues a Reverse Address Resolution Protocol (RARP) broadcast to the network. On receiving the RARP request, the boot server translates the Ethernet address to an Internet address. The boot server running the RARP daemon, /usr/sbin/in.rarpd, looks up the Ethernet address in the /etc/ethers file, checks for a corresponding name in the /etc/hosts file, and passes the Internet address back to the client.

2. The client's boot PROM sends a Trivial File Transfer Protocol (TFTP) request for its boot program.

3. The server searches for a symbolic link named for the client's Internet Protocol (IP) address expressed in hexadecimal format. This link points to a boot program for a particular Solaris release and client architecture. For SPARC™ systems, the file name is hex-IP-address.architecture.

C009C864.SUN4U -> inetboot.sun4u.Solaris-1

4. The server uses the in.tftpd daemon to transfer the boot program to the client. The client then runs the boot program.

5. The boot program tries to mount the root file system. To do so, it issues a whoami request to discover the client's host name. A server running the boot parameter daemon, rpc.bootparamd, looks up the host name, and responds to the client. Then, the boot program issues a getfile request to obtain the location of the client's root and swap space.

6. The server responds with the information obtained from the /etc/bootparams file.

7. Once the client has its boot parameters, the boot program on the client mounts the / (root) file system from the boot server. The client loads its kernel and starts the init program. When the boot server is finished bootstrapping the client, it redirects the client to the configuration server.


8. The client searches for the configuration server using bootparams information. The client mounts the configuration directory and runs sysidtool. The client then uses bootparams information to locate and mount the installation directory where the Solaris image resides. The client then runs the SunInstall program and installs the operating environment.


Boot Operation Support Files

For boot operations to proceed, the following files and directories must be properly configured on the boot server: /etc/ethers, /etc/hosts, /etc/bootparams, /etc/dfs/dfstab, and /tftpboot. On a network running the NIS or NIS+ name services, the identification information from the JumpStart server files must also be incorporated in the domain database maps.

The /etc/ethers File

When the JumpStart client boots, it has no IP address, so it broadcasts to the network using RARP and its Ethernet address. The JumpStart server receives the request and attempts to match the client's Ethernet address with an entry in the local /etc/ethers file. If a match for the Ethernet number is found, the client name is matched to an entry in the /etc/hosts file. In response to the RARP request from the client, the JumpStart server sends the IP address from the /etc/hosts file back to the client. The client then continues the boot process using the IP address.

If a match is not found, the client cannot acquire its IP address and cannot continue the boot process. The usual (repeating) message displayed on the screen of a JumpStart client when this occurs is the following:

Timeout waiting for ARP/RARP packet

An entry for the JumpStart client can be created by editing the /etc/ethers file or as one of the arguments to the add_install_client script. The following example is an entry in the /etc/ethers file for a JumpStart client:

8:0:20:2f:90:3d client1


The /etc/hosts File

The /etc/hosts file is the local database that associates the names of hosts with their IP addresses. The JumpStart server references this file when trying to match an entry from the local /etc/ethers file in response to a RARP request from a client.

If a match is not found, the client cannot acquire its IP address and cannot continue the boot process. The usual (repeating) message displayed on the screen of a JumpStart client when this occurs is the following:

Timeout waiting for ARP/RARP packet

An entry for the JumpStart client can be created by editing the /etc/hosts file or as one of the arguments to the add_install_client script. The following example is an entry in the /etc/hosts file for a JumpStart client:

192.9.200.100 client1


The /tftpboot Directory

The /tftpboot directory contains the inetboot.SUN4x.Solaris_8-1 file that is created for each JumpStart client when the add_install_client script is run. When booting over the network, the client's boot PROM makes a RARP request and, when it receives a reply, the PROM broadcasts a TFTP request to fetch the inetboot file from any server that responds and executes it. For example, the inetboot file created for a JumpStart client with a sun4u architecture is named inetboot.SUN4U.Solaris_8-1. Two additional symbolic links to this file are also created at the same time containing the IP address and the architecture of the client system. The long listing output of a /tftpboot directory that supports one sun4u client with an IP address of 192.9.200.100 appears as follows:

# ls -l /tftpboot
total 344
lrwxrwxrwx 1 root other     26 Apr 15 21:20 C009C864 -> inetboot.SUN4U.Solaris_10-1*
lrwxrwxrwx 1 root other     26 Apr 15 21:20 C009C864.SUN4U -> inetboot.SUN4U.Solaris_10-1*
-rwxr-xr-x 1 root other 159768 Apr 15 21:20 inetboot.SUN4U.Solaris_10-1*
-rw-r--r-- 1 root other    315 Apr 15 21:20 rm.192.9.200.100

The inetboot program makes another RARP request, then uses the bootparams protocol to locate its root file system. It then mounts the root file system across the network using the NFS protocol and runs the kernel.

If the files in the /tftpboot directory are unavailable to the JumpStart client when the boot process is initiated, the client cannot retrieve bootparams information for the root file system and stops the boot process without displaying an error message.


The /etc/bootparams File

The /etc/bootparams file contains entries that network clients use for booting. JumpStart clients retrieve the information from this file by issuing requests to a server running the rpc.bootparamd program. The /etc/bootparams file can be used in conjunction with, or in place of, other sources for the bootparams information. When the JumpStart client makes the request, the server references the /etc/bootparams file and responds with the file system information required for NFS mount to enable network installation.

If the required entries are not in the /etc/bootparams file, the JumpStart client cannot determine the appropriate server and file system to mount, and stops at the beginning of the boot process without displaying an error message.

Entries in this file are created by the options and arguments entered as part of the add_install_client script. The following example is an entry in the /etc/bootparams file for a JumpStart client named client1:

client1 root=server1:/export/install/Solaris_10/Tools/Boot install=server1:/export/install boottype=:in sysid_config=server1:/export/config install_config=server1:/export/config rootopts=:rsize=32768


The following list describes the entries:

• client1 - The JumpStart client name
• root=server1:/export/install/Solaris_10/Tools/Boot - The boot server name and directory for the root file system
• install=server1:/export/install - The server name and directory for the Solaris software image
• boottype=:in - Indicates a network boot and installation
• sysid_config=server1:/export/config - The server name and directory for the JumpStart configuration file system
• install_config=server1:/export/config - The server name and directory for the operating environment installation files
• rootopts=:rsize=32768 - Mount options for the root file system and NFS read size

The /etc/dfs/dfstab File

The /etc/dfs/dfstab file lists local file systems to be shared to the network. Typically, when you initially set up the JumpStart server, you must manually update this file with an entry for the configuration directory you want to share to the network to support remote installation. This file is again populated with the installation directory location as a result of the add_install_server script.

If the required entries are not in the /etc/dfs/dfstab file, the JumpStart client cannot mount the file systems specified in the /etc/bootparams file and displays the following error message:

panic - boot: Could not mount filesystem
Program terminated
ok
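The failure modes described for the five boot support files can be checked before a client is powered on. The following is an added example, not part of the original training material: it derives the /tftpboot link names from the client's /etc/hosts address, cross-checks the other files, and also lists directories shared without a read-only option (share_nfs defaults to read-write). The function names are this example's own, the sample data is constructed from the client1 and server1 entries on this page, and the share line for /export/install is a constructed sample.

```python
"""Cross-check the JumpStart boot support files for one client (added example)."""
import ipaddress
import shlex

NFS_KEYS = ("root", "install", "sysid_config", "install_config")

def tftp_link_names(ip, karch):
    """The two /tftpboot link names: hex IP address, and hex IP + platform group."""
    hex_ip = "%08X" % int(ipaddress.IPv4Address(ip))
    return [hex_ip, "%s.%s" % (hex_ip, karch.upper())]

def entries(text):
    """Yield logical lines: continuations joined, blanks and '#' comments dropped.
    Assumption: '#' is treated as a comment start in all of the files."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def lookup_ether(ethers, client):
    """MAC address listed for the client in /etc/ethers, or None."""
    for line in entries(ethers):
        fields = line.split()
        if len(fields) >= 2 and fields[1] == client:
            return fields[0]
    return None

def lookup_ip(hosts, client):
    """IP address for the client name or alias in /etc/hosts, or None."""
    for line in entries(hosts):
        fields = line.split()
        if client in fields[1:]:
            return fields[0]
    return None

def boot_params(bootparams, client):
    """key -> value map of the client's /etc/bootparams entry, or None."""
    for line in entries(bootparams):
        fields = line.split()
        if fields[0] == client:
            return dict(f.split("=", 1) for f in fields[1:] if "=" in f)
    return None

def share_lines(dfstab):
    """Yield (nfs_options, path) for every 'share' line in /etc/dfs/dfstab."""
    for line in entries(dfstab):
        words = shlex.split(line)
        if len(words) >= 2 and words[0] == "share":
            opts = []
            for i, word in enumerate(words[:-2]):
                if word == "-o":
                    opts = words[i + 1].split(",")
            yield opts, words[-1]

def writable_shares(dfstab):
    """Paths shared without ro or ro=list; share_nfs then defaults to read-write."""
    return [path for opts, path in share_lines(dfstab)
            if not any(o == "ro" or o.startswith("ro=") for o in opts)]

def is_shared(path, dfstab):
    """True if the path is a shared directory or lies below one."""
    return any(path == s or path.startswith(s.rstrip("/") + "/")
               for _, s in share_lines(dfstab))

def preflight(client, karch, server, ethers, hosts, bootparams, dfstab, tftpboot):
    """Return problems in the order the booting client would run into them."""
    problems = []
    if lookup_ether(ethers, client) is None:
        problems.append("ethers: no entry for %s -> Timeout waiting for ARP/RARP packet" % client)
    ip = lookup_ip(hosts, client)
    if ip is None:
        problems.append("hosts: no entry for %s -> Timeout waiting for ARP/RARP packet" % client)
    else:
        for name in tftp_link_names(ip, karch):
            if name not in tftpboot:
                problems.append("tftpboot: link %s missing -> boot stops without a message" % name)
    params = boot_params(bootparams, client)
    if params is None:
        problems.append("bootparams: no entry for %s -> boot stops without a message" % client)
        return problems
    for key in NFS_KEYS:
        host, _, path = params.get(key, "").partition(":")
        if not path:
            problems.append("bootparams: %s= missing for %s" % (key, client))
        elif host == server and not is_shared(path, dfstab):
            problems.append("dfstab: %s (%s=) is not shared -> "
                            "panic - boot: Could not mount filesystem" % (path, key))
    return problems

# Constructed sample data, built from the client1/server1 entries on this page.
SAMPLE = dict(
    ethers="8:0:20:2f:90:3d client1\n",
    hosts="192.9.200.1 server1 timehost\n192.9.200.100 client1\n",
    bootparams=("client1 root=server1:/export/install/Solaris_10/Tools/Boot \\\n"
                " install=server1:/export/install boottype=:in \\\n"
                " sysid_config=server1:/export/config \\\n"
                " install_config=server1:/export/config rootopts=:rsize=32768\n"),
    dfstab=('share -F nfs -o ro,anon=0 /export/install\n'
            'share -d "configuration directory" /export/config\n'),
    tftpboot={"C009C864", "C009C864.SUN4U", "inetboot.SUN4U.Solaris_10-1"},
)

if __name__ == "__main__":
    print(preflight("client1", "sun4u", "server1", **SAMPLE) or "boot files consistent")
    print("shared read-write:", writable_shares(SAMPLE["dfstab"]))
```

The configuration share is reported as read-write because the share line carries no -o ro option; the rules.ok file and finish scripts in that directory are what the installer trusts, so a read-only share is the safer setting.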


Adding a Bootable Image

To enable the client for JumpStart network installation, you must set up an install server, a boot server, and a configuration server (see the "JumpStart Components" on page 13-4).

You can set up a boot server that uses the Solaris software image located on the CD-ROM by using the following steps:

1. Ensure that the system has an empty directory (/export/install, for example) with approximately 156 Mbytes of available disk space.

2. Insert the Solaris Software CD-ROM 1 of 2 in the CD-ROM drive, allowing vold to automatically mount the CD-ROM.

3. Change the directory to the location of the setup_install_server script.

# cd /cdrom/cdrom0/s0/Solaris_10/Tools

4. Run the setup_install_server script:

# ./setup_install_server -b /export/install

Note - The add_install_client script to create JumpStart clients and the rm_install_client script to remove an existing JumpStart client are also in this directory.


Adding Install Clients

You can create a JumpStart client using a server named server1 to provide only the boot function JumpStart component. You use another system as the install server (named server2) for the Solaris software image installation and configuration components by running the add_install_client command to create a client named client1 with a sun4u architecture, as follows:

# ./add_install_client -s server2:/export/install -c server2:/export/config \
-p server2:/export/config client1 sun4u

Run this command from the /export/install/Solaris_10/Tools directory on the boot server (server1). The arguments to options -s, -c, and -p redirect the JumpStart clients to server2 for the configuration information and the Solaris software image.


Setting Up Client Identification

When a JumpStart client boots for the first time, the booting software first tries to obtain system identification information (such as the system's host name, IP address, locale, timezone, and root password) from a sysidcfg file and then from the name service database. Therefore, you can use a sysidcfg file to answer system identification questions during the initial part of the installation regardless of whether or not a name service (NIS or NIS+) is used. If the JumpStart server provides this information, the client bypasses the initial system identification portion of the Solaris Operating Environment installation process without administrator intervention.

Without the sysidcfg file or a name service database, the client displays the appropriate interactive dialog boxes to request needed identification information.


Using the sysidcfg File to Identify a Client

In the absence of a name service on the network, the sysidcfg file must be present to automate system identification.

Table 13-1 lists the keywords and arguments used in the construction of the sysidcfg file.

Table 13-1 Keywords and Arguments of the sysidcfg File

Keyword | Argument
name_service {domain_name} | name_service=NIS, NIS+, OTHER, NONE. Options for NIS and NIS+: {domainname=domain_name name_server=hostname(ip_address)}. Options for DNS: {domainname=domain_name name_server=ip_address,ip_address,ip_address (three maximum) search=domain_name,domain_name,domain_name,domain_name,domain_name,domain_name (six maximum, the total length is less than or equal to 250 characters)}
network_interface, hostname, Internet Protocol (IP) address, netmask, DHCP, IPv6 | network_interface=NONE, PRIMARY, or value {hostname=hostname ip_address=ip_address netmask=netmask protocol_ipv6=yes/no}. If DHCP is used, specify: {dhcp protocol_ipv6=yes_or_no}. If DHCP is not used, specify: {hostname=host_name ip_address=ip_address netmask=netmask protocol_ipv6=yes_or_no}
root_password | root_password=root_password (Encrypted password from /etc/shadow)
security_policy | security_policy=kerberos, NONE. Options for kerberos: {default_realm=FQDN admin_server=FQDN} where FQDN is a fully qualified domain name. Note: You can list a maximum of three key distribution centers (KDCs), but at least one is required.
system_locale | system_locale=locale (Entry from /usr/lib/locale)
terminal | terminal=terminal_type (Entry from /usr/share/lib/terminfo database)
timezone | timezone=timezone (Entry from /usr/share/lib/zoneinfo/)
timeserver | timeserver=localhost, hostname, or ip_addr

Sample sysidcfg File

The following rules apply to the sysidcfg file:

• Keywords can be in any order.
• Keywords are not case sensitive.
• Keyword values can be optionally enclosed in single (') or double (") quotes.
• Only the first instance of a keyword is valid; if a keyword is specified more than once, the first keyword specified is used.


The following is an example of a sysidcfg file:

# Sample sysidcfg file for SPARC systems
system_locale=en_US
timezone=US/Mountain
timeserver=localhost
terminal=vt100
name_service=NONE
security_policy=NONE
root_password=Hx23475vABDDM
network_interface=PRIMARY {protocol_ipv6=yes netmask=255.255.255.0}
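The four sysidcfg rules listed above, written out as a parser with a short review pass; this is an added example, not part of the original training material. The function names and finding texts are this example's own, and the input is the sample file above with one constructed duplicate line appended to show the first-instance rule.

```python
"""Parse a sysidcfg file by the rules listed above (added example)."""
import re

# Keywords from Table 13-1.
KNOWN = {"name_service", "network_interface", "root_password", "security_policy",
         "system_locale", "terminal", "timezone", "timeserver"}

# keyword=value, value optionally quoted, optionally followed by {sub-options}
ENTRY = re.compile(r"""(\w+)\s*=\s*("[^"]*"|'[^']*'|[^\s{}]+)(?:\s*\{([^}]*)\})?""")

def unquote(value):
    """Strip one pair of matching single or double quotes, if present."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value

def parse_sysidcfg(text):
    """Return (settings, ignored).

    settings maps each lower-cased keyword to (value, sub_options) for its
    FIRST instance; ignored lists (keyword, value) for every later repeat.
    """
    # Comments run from '#' to end of line; {...} groups may span lines.
    body = " ".join(line.split("#", 1)[0] for line in text.splitlines())
    settings, ignored = {}, []
    for key, value, opts in ENTRY.findall(body):
        key = key.lower()                      # keywords are not case sensitive
        sub = {}
        for token in opts.split():
            name, sep, val = token.partition("=")
            sub[name.lower()] = unquote(val) if sep else True   # bare flag, e.g. dhcp
        if key in settings:
            ignored.append((key, unquote(value)))               # first instance wins
        else:
            settings[key] = (unquote(value), sub)
    return settings, ignored

def audit(text):
    """Return review findings; values are never echoed, so hashes stay out of logs."""
    settings, ignored = parse_sysidcfg(text)
    findings = ["%s appears again; only the first instance is used" % key
                for key, _ in ignored]
    findings += ["%s is not a Table 13-1 keyword" % key
                 for key in sorted(set(settings) - KNOWN)]
    findings += ["%s is not set: the name service must supply it or the client prompts"
                 % key for key in sorted(KNOWN - set(settings))]
    if "root_password" in settings:
        findings.append("root_password hash is present: limit which hosts can mount "
                        "the directory given to add_install_client -p")
    return findings

# The page's sample file plus one constructed duplicate keyword on the last line.
SAMPLE = """\
# Sample sysidcfg file for SPARC systems
system_locale=en_US
timezone=US/Mountain
timeserver=localhost
terminal=vt100
name_service=NONE
security_policy=NONE
root_password=Hx23475vABDDM
network_interface=PRIMARY {protocol_ipv6=yes netmask=255.255.255.0}
TimeZone="US/Pacific"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An administrator who appends a changed line to an existing file gets the old value, which matters most when the appended line was meant to replace root_password.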

Locating the sysidcfg File

The location of the sysidcfg file (host and absolute directory path) is specified by the -p argument to the add_install_client shell script used to create JumpStart client information files. (See "Using add_install_client" on page 13-5 and "Adding Install Clients" on page 13-17.)

As previously mentioned, you can use the sysidcfg file to answer system identification questions during the initial part of installation regardless of whether a name service (NIS or NIS+) is used. When this file is used with the NIS naming service, identification parameters, such as locale and timezone, can be provided from the name service. The sysidcfg file necessary for installing a JumpStart client on a network running the NIS name service is typically shorter, and a separate sysidcfg file for each client is unnecessary.

You can use the /etc/locale, /etc/timezone, /etc/hosts, /etc/ethers and /etc/netmasks files as the source for creating NIS databases to support client JumpStart installations. The following paragraphs provide a brief explanation of how each file, when created or modified and then converted to its respective database map, determines a specific identification parameter for the client installation process.


The /etc/locale File

To enable NIS support for a network installation of a JumpStart client, you must create the /etc/locale file if it does not exist (this assumes that the system_locale keyword is not provided in a sysidcfg file). When converted to its respective NIS map, locale.byname, it provides the installation program running on the JumpStart client with the default language information. If this information is not available, the client installation displays a dialog box and prompts for it.

The following is an example of the content found in the /etc/locale file on an NIS master for the Central.Sun.COM domain that sets the default language to English.

Central.Sun.COM en_US

Note - You can also specify separate entries based on a host name rather than a domain. For a list of possible locale entries for this file, run the locale -c command.


Setting Up Locale

If the installation media contains multiple languages, you are prompted for the language to use during installation unless the installation process can determine the default localization.

On the NIS server, complete the following steps:

1. Make the following changes to the /var/yp/Makefile file:

a. Add the following text after the existing audit_user.time entry (approximately line 424):

locale.time: $(DIR)/locale
	-@if [ -f $(DIR)/locale ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/locale \
		| awk '{for (i = 2; i<=NF; i++) print $$i, $$0}' \
		| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/locale.byname; \
		touch locale.time; \
		echo "updated locale"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) locale.byname; \
			echo "pushed locale"; \
		else \
			: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/locale"; \
	fi


The /etc/timezone File

To enable NIS support for a network installation of a JumpStart client, you must create the /etc/timezone file if it does not exist (this assumes that the timezone keyword is not provided in a sysidcfg file). When converted to its respective NIS map, timezone.byname, it provides the installation program running on the JumpStart client with the default time zone information. If this information is not available, the client installation displays a dialog box and prompts for it.

The following is an example of the content found in the /etc/timezone file on an NIS master for the Central.Sun.COM domain that sets the default timezone to U.S. Mountain Standard Time:

US/Mountain Central.Sun.COM

Note - You can also specify separate entries based on a host name rather than a domain. A list of possible locale entries for this file exists in the /usr/share/lib/zoneinfo directory.

The /etc/hosts File

To enable NIS support for a network installation of a JumpStart client, you must update the /etc/hosts file to include the client IP address and host name. When converted to its respective NIS map, hosts, it provides the installation program running on the JumpStart client with its IP address. Additionally, this file must have a timehost alias specified so the client can obtain the time of day information required for installation. Typically, this alias is assigned to the JumpStart server or the NIS master. If the client IP address information is not available, the client installation displays a dialog box and prompts for it.

The following is an example of the content found in the /etc/hosts file on a JumpStart server named server1 for a client named client1 with an IP address of 192.9.200.100 (includes the timehost alias assigned to the server):

192.9.200.1     server1   timehost
192.9.200.100   client1


The /etc/netmasks File

To enable NIS support for a network installation of a JumpStart client, you must update the /etc/netmasks file to include the local network netmask value. When converted to its respective NIS map, netmasks.byaddr, it supplies the installation program running on the JumpStart client with the local netmask value. If the client netmask information is not available, the client installation displays a dialog box and prompts for it.

The /etc/netmasks file contains network masks used to implement IP subnets. It supports both standard subnetting as specified in Request for Change (RFC) 950 and variable length subnets as specified in RFC-1519. When using standard subnets, there should be a single line for each network that is subnetted in this file with the network number, any number of SPACE or TAB characters, and the network mask to use on that network. You can specify network numbers and masks in the conventional IP '.' (dot) notation (such as IP host addresses, but with zeroes for the host part). For example, you can use:

192.9.200.0     255.255.255.0

to specify that the Class C network, 192.9.200.0, should have eight bits of host field and twenty-four bits in the network field.

Note - See the man page for netmasks for more examples of subnets.


Setting Up an Install Server

To enable a networked client to install the Solaris Operating Environment, the JumpStart install server must have the Solaris Operating Environment release software image available either on the local disk or from a CD-ROM shared to the network. The most common configuration for the JumpStart install server is to have this software available from the local disk. You use the setup_install_server script to accomplish this task. This script was previously described in "Adding a Bootable Image" on page 13-16.

The Solaris Operating Environment releases before release 8 (Solaris 7, 2.6, 2.5, and so on) had only one CD-ROM that contained the entire operating environment. The Solaris Operating Environment has three: an installation CD-ROM, 1 of 2, and 2 of 2. To establish an installation server that contains the capability provided by the three CD-ROM set, you must make use of three different installation scripts:

To set up an install server that uses the Solaris software image located on the local disk, perform the following steps:

1. Ensure that the system has an empty directory (/export/install, for example) with approximately 700 Mbytes of available disk space.

2. Insert the Solaris Software CD-ROM 1 of 2 in the CD-ROM drive, allowing vold to automatically mount the CD-ROM.

3. Change the directory to the location of the setup_install_server script.

# cd /cdrom/cdrom0/s0/Solaris_10/Tools

4. Run the setup_install_server script to copy the release software from the CD-ROM to the local disk (this process takes about one hour):

# ./setup_install_server /export/install

There are two additional scripts that add functionality to the JumpStart boot or installation server: add_to_install_server and modify_install_server. For more information, see "Adding a Bootable Image" on page 13-16.


The add_to_install_server Script

The add_to_install_server script located on the Solaris Software CD-ROM 2 of 2 enables the installation of supplemental CD-ROM products directories to an existing install server. If you do not use this script to install the additional Solaris Operating Environment release software located on CD-ROM 2 of 2, you will be limited to Core and EndUser software clusters.

To add the Solaris Operating Environment supplemental software products to an existing install server, perform the following steps (this process takes about 15 minutes):

1. Insert the Solaris Software CD-ROM 2 of 2 in the drive. The vold daemon automatically mounts the CD-ROM.

2. Change the directory to the location of the add_to_install_server script.

# cd /cdrom/cdrom0/Solaris_8/Tools

3. Run the add_to_install_server script to install the additional software into the installation directory on the JumpStart server (assuming the location to be /export/install).

# ./add_to_install_server /export/install

The modify_install_server Script

The modify_install_server script located on the Solaris Software Installation CD-ROM enables an interactive WebStart style of installation on the client.

Warning - Running the modify_install_server script actually defeats the purpose of the JumpStart program. It disables the non-interactive benefit of the JumpStart program. The resulting installation process will be interactive.


Setting up the Configuration Server

This section elaborates on the JumpStart configuration server setup. This system provides the configuration files for the JumpStart clients as previously discussed (see the "JumpStart Components" section).

The configuration directory minimally contains the following files:

• The rules file
  The rules file classifies the machines on your network using a set of predefined keywords (included in Appendix A, "The JumpStart rules and Class Files"). It also specifies the class file to be used by each class of machines.

• A class file for each category of machines you have determined on your network
  The class files specify how the installation is to be done and what software is to be installed. The name of a class file is chosen by the system administrator and should follow UNIX file name conventions.

• The check script
  You must run the check script after the rules and class files are created. It checks the syntax in the rules and class files. If there are no syntax errors, the check script creates the rules.ok file.

• The rules.ok file
  The rules.ok file is created from the rules file by the check script. It is read during the automatic installation process (the rules file is not looked at).

• Optional begin and finish scripts
  The begin and finish scripts are used to perform pre-installation and post-installation tasks. These scripts are available to perform more advanced customization of the installation process, such as answering the power management question that is asked when the newly-installed system first boots.


Setting Up a Configuration Server Directory

To set up a configuration directory, perform the following steps:

1. Select the system that will be the JumpStart configuration server and create the directory where you want to store the configuration information files. For the purpose of this discussion, use the /export/config directory as the name.

2. Mount the CD-ROM and copy the contents of the /cdrom/Sol_10_sparc/s0/Solaris_10/Misc/jumpstart_sample directory located on the Solaris Software CD 1 of 2 to your local /export/config directory. The jumpstart_sample directory from the CD-ROM contains template configuration files that you can customize: the rules file, several class files, a finish script, and the check script.

3. Share the configuration directory.

Add an entry to share the configuration directory to the network in the /etc/dfs/dfstab file. For example:

share -d "configuration directory" /export/config

Execute the /etc/nfs.server start command.

Note - If the system is already an NFS server, you need to run only the shareall command.

4. Determine the different classes of machines that are or will be on your network and create the /export/config/rules file. During the auto-install process, the install client is matched to a class in the rules file. Each class defined in the rules file has a specified file, called a class file, associated with it that is used to install the software.


5. Determine what installation parameters to use for each class (category) of machines you listed in step 4 and create a /export/config/class file for each (see the "Creating the Class Files" section on page 13-35). The class file specifies how to partition the disk, what software clusters and packages to install, and what file systems to mount. (See the host_class template file in the configuration directory.)

6. Create begin and finish scripts. (This is optional.) A begin script is run before the class file; that is, before the actual installation of software specified in the class file. A finish script is run after the class file but before the system is rebooted. You can use it to modify the files or file systems of the newly installed system.

7. After configuration of the rules file, the class files, and the begin and finish scripts, run the check script. This script checks the rules and class files for correctness and basic syntax. If no fatal errors are found, the rules.ok file is created from the rules file. It is the rules.ok file that is used by the client during the installation process.

a. If the configuration server is running the Solaris Operating Environment, run the following commands:

# cd /configuration_directory
# ./check

If the configuration server is not running the Solaris Operating Environment, use the -p option to specify the path to the Solaris distribution.

b. Mount the Solaris distribution CD-ROM on the configuration server (unless the configuration server is also the install server and you copied the distribution to the install server).

c. Run the following commands:

# cd /configuration_directory
# ./check -p /path_to_Solaris_distribution


Creating the rules File

The rules file classifies the machines on your network. You should have a template of a rules file (an actual file called rules) in your configuration directory after you copy the jumpstart_sample directory to your configuration directory.

The rules file is read sequentially. As soon as the system finds a match in the rules file, it stops reading the file and continues with the JumpStart process. The fields are defined in Table 13-2 on page 13-32.


Syntax

[!]match_key match_value [&& [!]match_key match_value]* \
begin class finish

Table 13-2 describes the fields in the rules file.

Table 13-2 Fields in the rules File

Field | Definition
match_key | A predefined keyword that describes an attribute of the system being installed. Examples of system attributes include physical memory size, disk sizes, kernel architecture, and so on. Keywords are used to help match a machine to a particular class for installation and are interpreted with respect to the install client.
match_value | The value (or range of values) selected by the system administrator for the match_key.
begin | The name of the begin script. A dash (-) is used in the begin field if no begin script is to be run during the automatic installation process.
class | The name of the class file. The names for the class files are chosen by the system administrator and must follow UNIX file name conventions.
finish | The name of the finish script (or a dash, -).


Using the && Symbols

You can use several keywords in a rule. They are joined together by the logical AND symbol, &&.

Using the ! Symbol

The logical NOT symbol, !, is used in front of a keyword to express negation; that is, to express that the install client's value for match_key does not equal the match_value specified in the rule.

Comments

You can use comments in the rules file.

A comment begins after a hash (#) sign. If a line starts with a #, then the entire line is a comment line. If a # is found in the middle of a line, everything after the # is considered a comment.

Note - Blank lines are also allowed in the rules file.

Available Keywords

Use the following keywords to classify the machines on your network. See Appendix A, "The JumpStart rules and Class Files," for a detailed description of each keyword.

Table 13-3 Keywords

any          hostname     model
arch         installed    network
domainname   karch        totaldisk
disksize     memsize

Examples of rules File Entries

The following is an example of the rules file entries.

#
# The first five rules listed here demonstrate specifics:
#
hostname client1 - host_class set_root_pw
hostname client2 - class_basic_user -
network 192.43.34.0 && ! model 'SUNW,Ultra-5_10' - class_net3 -
model 'SUNW,Ultra-5_10' - class_ultra complete_ultra
memsize 64-96 && arch sparc - class_prog_user -
#
# The following rule matches any system.
any - - class_generic -

In this rules file example:

• The first rule matches a machine on a network called client1. The class file is host_class and the finish script is set_root_pw.

• The second rule matches a machine with host name client2. The class file is class_basic_user.

• The third rule matches a machine on network 192.43.34 that is not an Ultra 5 or 10. The class file is class_net3; there is no begin or finish script.

• The fourth rule matches a machine that is an Ultra 5 or 10. The class file is class_ultra, and there is a finish script called complete_ultra.

• The fifth rule matches a machine with memory between 64 and 96 Mbytes and a SPARC architecture. The class file is class_prog_user.

• The sixth rule matches any machine. The class file is class_generic and there is no begin or finish script.
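Because the file is read sequentially and the first match wins, rule order decides which class file and finish script (for example set_root_pw) a client receives. The following added example, which is not part of the original training material, evaluates a rules file the way the text describes. It assumes single-value keywords only (hostname, network, model, memsize, arch, any), simple string or range comparison, and a constructed RULES sample with a - in every empty field; all function names are hypothetical.

```python
import shlex

# Constructed sample: the example rules above, with '-' written in every empty field.
RULES = """\
#
# The first five rules listed here demonstrate specifics:
#
hostname client1 - host_class set_root_pw
hostname client2 - class_basic_user -
network 192.43.34.0 && ! model 'SUNW,Ultra-5_10' - class_net3 -
model 'SUNW,Ultra-5_10' - class_ultra complete_ultra
memsize 64-96 && arch sparc - class_prog_user -   # mid-line comment
#
# The following rule matches any system.
any - - class_generic -
"""

def parse_rules(text):
    """Return a list of (conditions, begin, class_file, finish) in file order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # everything after '#' is a comment
        if not line:                             # blank lines are allowed
            continue
        tokens = shlex.split(line)               # honours the quoted model name
        if len(tokens) < 5:
            raise ValueError(f"line {lineno}: too few fields")
        *cond_tokens, begin, class_file, finish = tokens
        conditions, group = [], []
        for tok in cond_tokens + ["&&"]:         # trailing '&&' flushes the last group
            if tok != "&&":
                group.append(tok)
                continue
            negate = bool(group) and group[0] == "!"
            if len(group) != 2 + negate:
                raise ValueError(f"line {lineno}: bad condition {group}")
            conditions.append((negate, group[-2], group[-1]))
            group = []
        rules.append((conditions, begin, class_file, finish))
    return rules

def value_matches(key, wanted, client):
    """Simplified comparison (assumption): equality, or a range for memsize."""
    if key == "any":
        return True
    have = client.get(key)
    if have is None:
        return False
    if key == "memsize":                         # single value or low-high, in Mbytes
        low, _, high = wanted.partition("-")
        return int(low) <= int(have) <= int(high or low)
    return str(have) == wanted

def select_rule(rules, client):
    """First rule whose conditions all hold wins; later rules are never read."""
    for conditions, begin, class_file, finish in rules:
        if all(value_matches(k, v, client) != neg for neg, k, v in conditions):
            return begin, class_file, finish
    return None
```

Moving the any rule to the top of the file would shadow every later rule, so client1 would be installed from class_generic and its set_root_pw finish script would never run.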


Creating the Class Files

A class file, which is specified in a rule, determines how the installation is performed on the client and what software is installed. Unlike the rules file, class files do not have required names. However, just as for the rules file, there are predefined keywords that require certain parameters.

Keywords and Arguments

The following keywords and argument parameters are used in a class file to specify how the installation is to be done and what software to install. Refer to Appendix A, "The JumpStart rules and Class Files," for a detailed description of each of the keywords and parameters listed in Table 13-4.

Table 13-4 Keywords and Argument Parameters for class Files

Keywords        Parameters

install_type    initial_install | upgrade
system_type     standalone | dataless | server
partitioning    default | existing | explicit
cluster         cluster_name add | delete
package         package_name add | delete
usedisk         disk_name
dontuse         disk_name
locale          locale_name
num_clients     number
client_swap     size
client_arch     kernel_architecture
filesys         device size file_system optional_parameters


Examples of Class Files

This section contains examples of class files.

Example 1

# Select software for programmers
install_type    initial_install
system_type     standalone
partitioning    default
filesys         any 100 swap    # specify size of swap
filesys         server1:/usr/share/man - /usr/share/man ro,soft
cluster         SUNWCprog
package         SUNWman delete
package         SUNWypr add
package         SUNWypu add

This class file installs a system for programmers. The partitioning is determined by the software to be installed and the swap size is set to 100 Mbytes. The configuration cluster SUNWCprog contains packages for developing software in the Solaris Operating Environment. The man pages from this cluster are deleted because they are mounted from server1, a server on the network. The NIS server packages, SUNWypr and SUNWypu, are added.

The possible entries for the cluster keyword, as they relate to the interactive installation names, are shown in Table 13-5.

Table 13-5 Possible Entries for the cluster Keyword

Interactive Installation Name     Cluster File Name

Core                              SUNWCreq
User                              SUNWCuser
Developer                         SUNWCprog
Entire Distribution               SUNWCall
Entire Distribution plus OEM      SUNWCXall


Example 2

install_type    initial_install
system_type     standalone
partitioning    explicit
filesys         c0t3d0s0 150 /
filesys         c0t3d0s1 128 swap
filesys         c0t3d0s6 800 /usr
filesys         c0t3d0s7 free /var
filesys         c0t1d0s7 all /opt
cluster         SUNWCall
package         SUNWman delete

Note - This class file is intended for an end-user with a small disk who does not need the manual pages package, SUNWman.

Appendix A of the Solaris System Installation and Configuration Guide contains a description of the clusters and packages available on the Solaris software distribution CD-ROM.


Testing the Configuration with the pfinstall Command

The pfinstall command checks the semantics of your class files. It tests what happens during the automatic installation process, without actually performing an installation.

This command is successful only if the configuration and install server are the same system or the two systems are both running the same version of the Solaris Operating Environment.

Running the pfinstall Command

To run the pfinstall command, perform the following steps:

1. If you have copied the entire CD-ROM Solaris Operating Environment distribution to the local disk, run the pfinstall command (optional).

Syntax

# /usr/sbin/install.d/pfinstall -D | -d disk_file \
[-c path_to_distr] class_file_name

Options

-D    Performs a dry run installation on the system disks using the class file class_file_name. It displays the resulting disk configuration and software selected, but no information is written to the disks.

-d    Tests the class_file_name against the disk configuration described in the file disk_file. The disk_file file contains output from the running of the prtvtoc(1M) command on various disks. This gives you the ability to test your class file on various disk configurations.

-c    Specifies the path to the Solaris Operating Environment distribution.


pfinstall Examples

This section presents three examples of the pfinstall command to test the default class file host_class and includes some of the system output.

Example 1

Testing the class file, host_class, against the Solaris Operating Environment installation image located on the CD-ROM:

# cd /export/config
# /usr/sbin/install.d/pfinstall -D -c /cdrom/cdrom0/s0 prog_class
Parsing profile
0: install_type initial_install
1: locale en_US
2: system_type standalone
3: partitioning default
4: cluster SUNWCuser
5: cluster SUNWCown delete
6: cluster SUNWCtltk delete
7: cluster SUNWCxgl delete
8: cluster SUNWCxil delete
9: filesys srvr:/usr/openwin - /usr/openwin ro,intr
Processing default locales
Processing profile
- Selecting cluster (SUNWCuser)
- Deselecting cluster (SUNWCown)
- Deselecting cluster (SUNWCtltk)




Example 2

Testing a disk file, 4GBdisk file and the host_class file, against the Solaris installation image located on the CD-ROM:

Note - The 4GBdisk file is created from the output of the prtvtoc command run on a 4-Gbyte disk. This disk file can be used to create standard disk partitioning on JumpStart clients with 4-Gbyte disks.

# cd /export/config
# /usr/sbin/install.d/pfinstall -d 4GBdisk -c /cdrom/cdrom0/s0 prog_class
....<Some output deleted>....
Verifying disk configuration
Verifying space allocation
- Total software size: 399.62 Mbytes
Preparing system for Solaris install
Configuring disk (c0t0d0)
- Creating Solaris disk label (VTOC)
slice: 0 ( /)            tag: 0x2 flag: 0x0
slice: 1 ( swap)         tag: 0x3 flag: 0x1
slice: 2 ( overlap)      tag: 0x5 flag: 0x0
slice: 3 ( )             tag: 0x0 flag: 0x0
slice: 4 ( )             tag: 0x0 flag: 0x0
slice: 5 ( )             tag: 0x0 flag: 0x0
slice: 6 ( )             tag: 0x0 flag: 0x0
slice: 7 ( /export/home) tag: 0x8 flag: 0x0
Creating and checking UFS file systems
- Creating / (c0t0d0s0)
- Creating /export/home (c0t0d0s7)


Example 3

Testing an install image that has been copied from the CD-ROM Solaris software distribution to the local /export/install directory against the host_class file:

# cd /export/config
# /usr/sbin/install.d/pfinstall -D -c /export/install host_class
....<some output deleted>....
SUNWtleu....done. 1.81 Mbytes remaining.
SUNWnamdt....done. 1.80 Kbytes remaining.
SUNWnamos....done. 1.60 Mbytes remaining.
SUNWnamow....done. 1.52 Mbytes remaining.
Completed software installation
Solaris software installation succeeded
Solaris package fully installed
SUNWxwrtx
SUNWxwrtl
SUNWwsr
SUNWwbapi
<some output omitted>
Customizing system devices
- Physical devices (/devices)
- Logical devices (/dev)
Installing boot information
- Installing boot blocks (c0t0d0s0)
Installation log location
- /a/var/sadm/system/logs/install_log (before reboot)
- /var/sadm/system/logs/install_log (after reboot)
Mounting remaining file systems
- Mounting /a/export/home (/dev/dsk/c0t0d0s7)
Installation complete
Test run complete. Exit status 0.


Using install_scripts

Use add_install_client and rm_install_client to add clients to, or remove clients from, the install server or boot servers that you must set up to support the JumpStart installation, because these commands update the /etc/bootparams file.

Running the add_install_client Script

The add_install_client command must be run from the install server's Solaris installation image (a mounted Solaris Operating Environment CD-ROM or a Solaris Operating Environment CD-ROM copied to disk) or the boot server's boot directory (if a boot server is configured). The Solaris installation image or the boot directory must be the same Solaris Operating Environment release that you want installed on the client.

Syntax

# ./add_install_client -e ethernet_addr -i ip_addr \
-s install_svr:/distr -c config_svr:/config_dir \
-p sysid_config_svr:/sysid_config_dir client_name client_arch

-e    Specifies the Ethernet address of the install client and is necessary if the client is not defined in the name service.

-i    Specifies the IP address of the install client and is necessary if the client is not defined in the name service.

-s    Specifies the name of the install server and the path to the Solaris Operating Environment distribution. This option is necessary if the client is being added to a boot server.

-c    Specifies the configuration server and the path to the configuration directory.

-p    Specifies the configuration server and the path to the sysidcfg file. This option is available on Solaris Operating Environment and later distributions.


You can apply the following associations to the examples of the add_install_client command arguments:

Install server             install_svr
Distribution               copied to /export/install
Configuration server       config_svr
Configuration directory    /export/config
Boot server                boot_svr
Install client             client_name
Client architecture        client_arch

Adding a Client Using a Solaris CD-ROM Image on the Local Disk

To create a JumpStart client from a server that has the Solaris software copied to the local disk (see "Setting Up an Install Server" on page 13-26), perform the following steps:

1. Change the directory to the location of the installed Solaris Operating Environment image:

# cd /export/install/Solaris_0/Tools

2. Create the JumpStart client using the add_install_client script found in the local directory. The following command creates a sun4u architecture client named client1 using server1 as its install and configuration server:

# ./add_install_client -s server1:/export/install \
-c server1:/export/config \
-p server1:/export/config client1 sun4u

Note - In the previous command, the location of the Solaris software installation files (-s option) is the /export/install directory, and the location of the JumpStart configuration files (-c option) on server1 is the /export/config directory. Discussion of the JumpStart configuration files is subsequent to this section.


Adding a Client Using a Solaris CD-ROM Image from the CD-ROM

To create a JumpStart client from a server that does not have the Solaris software CD-ROM image copied to the disk, perform the following steps:

1. Insert the Solaris Software Installation CD-ROM in the drive. The vold daemon automatically mounts the CD-ROM.

2. Change the directory to the location of the add_install_client script on the Solaris CD-ROM 1 of 2:

# cd /cdrom/cdrom0/s0/Solaris_10/Tools

3. Create the JumpStart client using the add_install_client script found in the directory. The following command creates a sun4u architecture client named client1 using the Solaris software CD-ROM for its installation and a local directory (/export/config) on server1 for the sysidcfg and other configuration files:

# ./add_install_client -c server1:/export/config \
-p server1:/export/config client1 sun4u

Note - Additionally, running the previous add_install_client command creates an entry in the /etc/dfs/dfstab file to share the /cdrom directory to the network for mount by the JumpStart client. Installation software is obtained from the media.


The /etc/bootparams File Content

The /etc/bootparams file is updated each time the add_install_client script is run. The resulting content provides the server name(s) and the directory locations for the installation and configuration files.

Content With Locally Available Installation Files

A server named server1 with Solaris software files copied to the local disk (see "Adding a Client Using a Solaris CD-ROM Image on the Local Disk" on page 13-43) and shared to the network has a client1 /etc/bootparams entry as follows:

client1 root=server1:/export/install/Solaris_8/Tools/Boot install=server1:/export/install boottype=:in sysid_config=server1:/export/config install_config=server1:/export/config rootopts=:rsize=32768

Content from the CD-ROM Installation Files

A server named server1 with Solaris software files shared to the network from the /cdrom directory (see "Adding a Client Using a Solaris CD-ROM Image From the CD-ROM" on page 13-44) has a client1 /etc/bootparams entry as follows:

client1 root=server1:/cdrom/Sol_10_sparc/s0/Solaris_10/Tools/Boot install=server1:/cdrom/Sol_10_sparc/s0 boottype=:in sysid_config=server1:/export/config install_config=server1:/export/config rootopts=:rsize=32768

The /etc/dfs/dfstab File Content

The /etc/dfs/dfstab file is populated with the appropriate entry for either the local file system or the CD-ROM, depending on the directory location from which the add_install_client command is run. If the location of the shell was /cdrom/cdrom0/s0/Solaris_8/Tools, the entry in the /etc/dfs/dfstab would be updated with a share command for the CD-ROM. Conversely, if the location of the shell was /export/install/Solaris_10/Tools (or some other arbitrary installation directory location), the /etc/dfs/dfstab would be updated with a share command for that local directory.

Referencing the Solaris Software from Locally Available Installation Files

The following /etc/dfs/dfstab file entry reflects the shared directory (/export/install) of installation files from a local disk:

share -F nfs -o ro,anon=0 /export/install

Referencing the Solaris Software from CD-ROM Installation Files

The following /etc/dfs/dfstab file entry reflects the shared directory of installation files from the CD-ROM:

share -F nfs -o ro,anon=0 /cdrom/Sol_10_sparc/s0

Note - All directory entries listed in the /etc/bootparams must be shared file systems.
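The note above requires every directory named in /etc/bootparams to be shared. The following added example, which is not part of the original training material, cross-checks the two files shown in this section and also reports any share that pairs anon=0 with write access. The sample data, the function names and the server argument are constructed for illustration.

```python
import shlex

# Constructed sample data modelled on the entries shown above.
BOOTPARAMS = " ".join([
    "client1",
    "root=server1:/export/install/Solaris_8/Tools/Boot",
    "install=server1:/export/install",
    "boottype=:in",
    "sysid_config=server1:/export/config",
    "install_config=server1:/export/config",
    "rootopts=:rsize=32768",
]) + "\n"
DFSTAB = """\
# constructed: only the installation image is shared
share -F nfs -o ro,anon=0 /export/install
"""

def bootparams_paths(text, server):
    """Map client -> {keyword: path} for every value of the form server:/path."""
    result = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        paths = {}
        for field in fields[1:]:
            key, _, value = field.partition("=")
            host, _, path = value.partition(":")
            if host == server and path.startswith("/"):   # skips boottype=:in etc.
                paths[key] = path
        result[fields[0]] = paths
    return result

def dfstab_shares(text):
    """Map shared directory -> set of -o options taken from 'share' lines."""
    shares = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) < 2 or tokens[0] != "share":
            continue
        opts = set()
        if "-o" in tokens[:-1]:
            opts = set(tokens[tokens.index("-o") + 1].split(","))
        shares[tokens[-1].rstrip("/") or "/"] = opts
    return shares

def is_writable(opts):
    """A share is writable if rw is given, or if neither ro nor rw is given."""
    has_rw = any(o == "rw" or o.startswith("rw=") for o in opts)
    has_ro = any(o == "ro" or o.startswith("ro=") for o in opts)
    return has_rw or not has_ro

def audit(bootparams, dfstab, server):
    """Return (unshared, root_writable).

    unshared: (client, keyword, path) for bootparams paths no share covers.
    root_writable: shares where anon=0 (unknown users, including remote root,
    act as UID 0) is combined with write access.
    """
    shares = dfstab_shares(dfstab)
    unshared = []
    for client, paths in sorted(bootparams_paths(bootparams, server).items()):
        for key, path in sorted(paths.items()):
            if not any(path == d or path.startswith(d.rstrip("/") + "/") for d in shares):
                unshared.append((client, key, path))
    root_writable = sorted(d for d, o in shares.items()
                           if "anon=0" in o and is_writable(o))
    return unshared, root_writable
```

With the sample data, both configuration keywords are reported as unshared because /export/config has no share line of its own; the configuration directory must be shared in addition to the installation image.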


Table 13-6 JumpStart Capabilities and Limitations (Continued)

Capabilities: Can be applied automatically.

Limitations: None.

Configurations supported

Installs: Servers Standalone systems Dataless systems

Does not install diskless clients

Operations handled by default

Partitions disks and sizes of file systems.

Requires more administrative steps; for example, the script set_root_pw, which is located in the jumpstart_sample directory is the script needed to assign root password.

Patches

Assigns host name and name service domain (NIS+, NIS, or local files).

Requires IP addresses to be manually allocated by the administrator.

Operation handled by additional scripts

Enables arbitrary site-specific customization, such as: setting up a second Ethernet port on a machine and making it a router; adding additional nonroot users to a local system; setting up print servers; adding known print servers to a print client; and adding entries to the automount map.

Network configuration/ routers

None

Requires a boot server on the local network or subnet. Allows install servers to be placed on the opposite side of router.


Concurrent use/batch mode

Capabilities: Has no software limitation on the number of clients that can be installed concurrently.

Limitations: Has physical limitations that include: The install server is more responsive if its copy of the Solaris Operating Environment distribution is on disk, rather than on the CD-ROM device, which is slow for random accesses. The number of clients concurrently doing an installation also negatively affects performance.


The Power of Potential

# 202, Trendset Pyla, Beside e-Seva Centre, 1-A, Vengal Rao Nagar, Hyderabad – 500 038 Ph: 040-55629937, 55616704 www.rrootshell.com
